We have a setup where we have configured WNA for a web application. The tricky thing in this is that instead of the basic pop-up, which comes up when a user accesses the application from another network/the internet, we have configured a custom login page. We have followed the solution explained in this link: Windows IWA Failover to HTML Form Login.docx
Now, the requirement is to enable WNA for SAML-based applications, but we can't install/configure the CA Option Pack on the Windows 2008 IIS server. Hence, we have to redirect the request to our IDP and then to the WNA machine where we have protected redirect.jsp.
Flow is:
1. User accesses the SP app.
2. Request comes to the IDP.
3. IDP redirects the user to redirect.jsp, which is protected by the form authentication scheme on the Windows server.
4. Request goes to the CA add-on from the link above on the Windows machine.
5. User is authenticated by Kerberos token; otherwise the form login is displayed.
Do you find any problem with the above solution? Can anyone suggest a better solution to perform this integration?
Any help/pointers appreciated.
Any pointers/suggestions around this?
I see no problems with the proposed request flow. It appears to be a standard SP-initiated request flow, and any regular (non-SAML) auth scheme can be used to protect the Authentication URL (redirect.jsp), so I don't see anything out of the ordinary here.