Hi All,

I'm configuring an authentication contract for use with a SAML SP in our
environment which consists of multiple user stores (AD + eDir), and
wondering if anybody has a NAM setup which does the following:

1) Desktop SSO
2) Fallback to Username / Password Form for users not able to desktop
SSO (i.e., external users)
3) Uses the Password Expiration Servlet option on the contract

Retrieval of attributes required in the SAML assertion needs to come
from eDir.

I've tried a number of setups and whilst I can get the desktop SSO &
fallback options working and can log in to the SAML SP without issues,
each time I redirect a user to a Password Expiration URL, the LDAP
credentials which I'd like to use via Identity Injection or Form Fill,
appear to be unavailable.

If I swap the contract to be a standard form based login using a
ProtectedPasswordClass and don't offer any desktop SSO, the credentials
are available when redirecting the same user to the Password Expiration

I'm keen to know if this is possible (assuming it is), and if you can
describe your class / method / contract setup you're using to achieve
this, it would be appreciated.

Thanks in advance.

gbatty1's Profile: https://forums.netiq.com/member.php?userid=2072
View this thread: https://forums.netiq.com/showthread.php?t=56536