We are setting up NAM3.2 to federate with an external IDP (ADFS2) to allow
external users to use our apps. In NAM we use AD as the user store. During
setup, we were able to make WS federation work so that an external account
can match an existing account in our local AD. The problem is that we
cannot get an unencrypted password to pass to our application (which
requires either form fill or identity injection). We are thinking of a
workaround: after the external user is matched with the local user, we'd
like to inject our code into the process so that each time the external
user logs in, we will reset the local account password. This way, since we
reset the password in our code, we know the password and will be able to
use that password to pass to applications. What we don't know is if this is
possible and, if it's possible, how to inject the code. We have the Novell
SDK and have customized the local user login process with a customized
class/method/contract, so we kind of know how the SDK works.

Any help/suggestion is appreciated.


mxu1386's Profile: https://forums.netiq.com/member.php?userid=1361
View this thread: https://forums.netiq.com/showthread.php?t=50300