We have an issue with identity mapping with federation. We are acting as a SAML 2.0 IDP and we use the SP-initiated flow to access a partner app.
On the IDP side, we have a situation where a user with an existing smsession (with a default home page that is protected using LDAP1) tries to access a federated app (using the SP-initiated flow) that is protected using LDAP2 on the IDP side.
We did set up LDAP1 -> LDAP2 identity mapping and enabled it for a realm that contains the auth URL specified in the IDP -> SP partnership.
But this identity mapping is not triggered in the federation case, as it seems the auth URL is not being invoked because there is an existing smsession, and the fed endpoint is rejecting this session immediately due to an invalid DN, since identity mapping is not happening.
Does identity mapping not get invoked in the federation use case in 12.52?
We are using version 12.52 SP1 CR0.
Thanks,
-Kishore