This is a weird one:

Let's say our NAM IDS is set to be an SP and we are using a third-party
The third party-IDP sends the SAML stuff to the NAM IDS/SP just fine

Now, here's where it gets tricky:

I'm using NAM to federate that info into eDir, and then using IDM to
further manipulate the user object (ie: Put the user into an RBPM
workflow for self-provisioning).

All that goes into an eDir Vault that NAM has access to.
BUT, then IDM further syncs that info into OID (Oracle Internet

The clincher is that we have an Oracle EBS app that needs to use OID for
authentication purposes.

So is it possible for NAM to get the originating "user" via SAML (and
obviously a set of attributes from the third-party) and somehow,
magically know which user that is in OID and then read OID to send a
different attribute for the purposes of Identity Injection to login to
the Oracle app?

I know if we were using eDir as the auth. source (not third-party SAML)
that I could read the eDir attributes of the user (that's because NAM
knows who you are then) but I have no idea if what I propose is even

kjhurni's Profile:
View this thread: