I'm trying to do a header injection to a resource and it seems as if
it's only possible to accomplish this if I have an Authentication
Procedure selected at the protected resource. Problem is that I'm using
an external IDP via SAML2 and need to be able to access this resource
even when I'm not authenticated.


- If I try to access this resource, protected with "Any Contract" and
*not* authenticated I cant access the page.
- If I try to access this resource, protected with "Any Contract" and
authenticated I can access the page and the header injection works.
- If I try to access the resource with no protection and authenticated
I can access the page but the header injection doesn't work.
- If I try to access the resource with no protection and *not*
authenticated I can of course access.


So is it possible to do header injection with eg username of an
authenticated user (via external SAML2 IDP) to a resource that is not
protected?

thanks


--
dei3400
------------------------------------------------------------------------
dei3400's Profile: https://forums.netiq.com/member.php?userid=4671
View this thread: https://forums.netiq.com/showthread.php?t=54521