Bhusan BhushanPurandare
One possible try out....
Scenario 1: Assuming SiteMinder Federation Services is being used on IdP Side and SP Side (ServiceNow is SP).
On IdP Side
Create 2 different Partnerships or AffiliateDomain (Legacy Federation) on IdP Side i.e. ServiceNow_Internal and ServiceNow_External.
Caution: if using the same IdP ID for both, the SP ID needs to be different / unique. The challenge might be reusing the same IdP ID on the SP Side. Otherwise use a different IdP ID.
On SP Side
For the SSO with IdP ServiceNow_Internal traffic incoming into ServiceNow, create a partnership or SAML Auth Scheme (Legacy Federation) with AD as UserStore.
For the SSO with IdP ServiceNow_External traffic incoming into ServiceNow, create a partnership or SAML Auth Scheme (Legacy Federation) with Custom Directory as UserStore and may need to develop a "Message Consumer Plugin" on top of it.
NOTE: For Custom Directory, one may need to write a DLL if tinkering with registry settings is not sufficient.
Scenario 2: Assuming SiteMinder Federation Services is being used on IdP Side and on SP Side (ServiceNow is SP) we are using some other SAML-compliant toolkit.
On IdP Side
Create 2 different Partnerships or AffiliateDomain (Legacy Federation) on IdP Side i.e. ServiceNow_Internal and ServiceNow_External.
Caution: if using the same IdP ID for both, the SP ID needs to be different / unique. The challenge might be reusing the same IdP ID on the SP Side. Otherwise use a different IdP ID.
On SP Side
We need to investigate how the toolkit could be configured to support the external black box DB.
Regards
Hubert