I need to deploy seamless SSO for mobile and AD desktops.
This SSO is used to access remote SP (SFDC).
For AD desktops, I selected IWA as my seamless authentication method.
For mobile, x509 client certificate.
There is only one URL that can be used as SSO URL at the SP side, so it means that I need to protected the saml2sso service with multiple authentication methods (based on user-agent header)
What are the ways of supporting both authentication methods for the same SAML2.0 partnership?
I'm have played with redirect.jsp, but it can only be protected with a single Authentication Schema.
I'm planing on using X509 or form authentication schema and some manipulation with proxy rules.
Is there a better way doing this?