We have NAM as an SP to a third-party IDP.
Due to the SAML setup, you can only globally (well, per trusted IDP) set
the Federation options. Unfortunately we have multiple applications
(protected resources on the MAG) that utilize the third-party IDP, and
some of them require further manipulation of the accounts; this means we
have to federate all the users into eDir (and then there's further
processing via IDM UA for SOME users).

Is it possible to have NAM detect which MAG resource is being requested,
such that when it federates the user, it puts a specific attribute value
into the federated user's account?

i.e.:
User goes to https://blah.com, gets redirected to the third-party IDP,
logs in, SAML assertion comes back, NAM does the lookup in eDir, fails
to find a match and federates the user.

User goes to https://somethingelse.com, gets redirected to the
third-party IDP, logs in, SAML assertion comes back, NAM does the lookup
in eDir, fails to find a match and federates the user but adds an
attribute/value pair.


--
kjhurni