Is this possible?

Configure NAM so that the IDP accepts Kerberos authentications from
client workstations (that are in the AD Domain)?

But then have the same NAM IDP send a SAML assertion to a trusted SP?

I imagine it should work, provided you construct the URL as either an
SP-initiated login (it hits the IDP, sees you're logged in and then
sends the assertion) or IDP-initiated login?

And, correct me if I'm wrong, but using NAM to accept a Kerberos ticket
requires the user source to be AD, correct?

