Next quarter we will start working on federating user accounts. The idea
is to allow users from other branches of the department to use our
application using their own accounts (which already exist in their
own ID stores). We will create one account (in our AD server) for each
of the outside accounts and use a common property like email address to
federate the two accounts with SAML2.

In our environment, all protected applications (using NAM) have their
own authentication process. Right now we have configured NAM to do form fill
or ID injection to the applications so that they can be
authenticated in the same AD (the same AD is also configured as the NAM
user store). However, when a federated account tries to log in, how can we
get the password from our own AD? I searched and didn't find a way of
doing it. My question is whether there is a way to get the local AD password
using NAM so that it can pass it to the protected application? I heard that
if users are stored in eDirectory, the local password can be retrieved, but
we don't have plans to do that since the impact will be too big. This
has to be a common issue with federated accounts, how do others work on

