I have a typical use case here.
Currently, users of federated applications are being authenticated by an IWA server which is using AD, let's say AD1.
The current IWA Authentication scheme (IWA_Auth_Scheme) supports Active Directory/LDAP.
What I now need to implement is to bring more new users who are on AD2 to use the same IWA_Auth_Scheme to access the same federated applications.
The POC that i need to do is:
1. Use the same IWA server to authenticate the users from both AD1 and AD2.
2. Do a mapping in CA SSO such that if the user is authenticated through AD2, map his identity to AD1 (e.g. if AD2.EmployeeID = AD1.EmpID, return AD1.EmpID) and return the EmployeeID from AD1 and pass it to the federated application.