Is this possible?

Configure NAM so that the IDP accepts Kerberos authentications from
client workstations (that are in the AD Domain)?

But then have the same NAM IDP send a SAML assertion to a trusted SP?

I imagine it should work, provided you construct the URL as either an
SP-initiated login (it hits the IDP, sees you're logged in and then
sends the assertion) or IDP-initiated login?

And, correct me if I'm wrong, but using NAM to accept a Kerberos ticket
requires the user source be AD, correct?


--
kjhurni