Okay, so let's say NAM IDS is acting as a CONSUMER to a third party IDP
for SAML.

I get a set of attributes from Third party via SAML.

Does the Federation happen BEFORE or AFTER the NAM IDS Authorization
policy?

Meaning:

Let's say I look at one of the attributes in the SAML assertion, and see
it's not what I want. So I "reject" the connection and redirect so some
web page saying, like "you're not authorized".

But, does that happen BEFORE the Federation part happens?
Or
After?


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=47027