Those with Adaptive Authentication instances, have you ever fired up console access and ran 'cat aaad.debug'? I'm seeing frequent unknown usernames appear over and over. They are all in the format of first initial + common last name. The re-occurring series of log entries look like this, process_kernel_socket 0-7519: partition id is 0 is_valid_authenticate_req 0-7519: received authenticate request: with member details userlen [7], rem_addrlen [13], server_addrlen [0] is_invalid_aaad_req 0-7519: Found valid AAA_REST_AUTHENTICATE/AAA_AUTHENTICATE/AAA_AUTHENTICATE_NEGOTIATE request process_kernel_socket 0-7519: Received encrypted password from PPE ns_aaad_decrypt_auth_passwd 0-719: ns_aaad_decrypt_auth_passwd performed : status 0 process_kernel_socket 0-7519: call to authenticate user :jbrown, vsid :1141, userlen 6 process_kernel_socket 0-7519: call to authenticate user :jbrown, vsid :11441, req_flags 400802 start_cascade_auth 0-7519: starting cascade authentication cascade_auth 0-7519: Delegating saml auth to kernel for : jbrown When a real username logs in through the Adaptive Authentication instance, it starts off looking nothing like this. These series of log do occur after saml is successfully canonicalized and before an LDAP lookup is performed. I can't figure out what would be generating the random usernames I'm seeing.