I was wondering if CA Access Gateway supports delegated authentication for SAML partnerships?
I am the IDP. I have a partnership with an SP. The Authentication URL in the partnership points to the redirect.jsp, and it's protected with a form-based authentication scheme which pops an fcc and collects credentials.
Now, would it be possible to change this authentication URL to another URL, which is a different SiteMinder-protected app? This app will collect user credentials and then submit them to an fcc to create the SMSession cookie. After creating the cookie, it would redirect to the redirect.jsp to generate the assertion and post it.
Is this possible with CA Access Gateway? The important part is that when CA Access Gateway does this redirect, it should include the original relay state in the request so that in the redirect back to the redirect.jsp, the relay state would be included.