Symptom

When using Azure SAML SSO for guest portal login and the UPN character length is around 50, ISE will add FQSubjectName while looking up for guest user and will try to add in the database if the username is not found. While adding got the below error, 2022-02-24 09:31:58,879 DEBUG cpm.guestaccess.flowmanager.adaptor.PortalUserAdaptorFactory -::- No user was found using uniqueSubjectID. Falling back to 1.3 lookup method 2022-02-24 09:31:58,880 DEBUG cpm.guestaccess.flowmanager.adaptor.PortalUserAdaptorFactory -::- Now searching with with FQSubjectName 2022-02-24 09:31:58,881 ERROR cisco.cpm.guestaccess.validation.GuestAccessValidation -::- Validation Error : The User Name field must contain lesser than or equal to 64 characters.

Conditions

When the UPN from External Identity store is more than 64 characters.

Workaround

+ Changed the Unique User Identifier to "user.mail" in Azure. + Mapped the email attribute to Identity attribute in advanced settings

Further Problem Description