We are working with the SSG OAM custom assertion that CA has, and are trying to make a test SSG policy that does form-based authentication and that works with that OAM assertion.
The thing is that the way that that assertion is implemented, it expects that user credentials are in the request.username and request.password variables.
That works fine if HTTP BASIC authentication is being done (e.g, by using a Require BASIC authentication assertion, which populates request.username and request.password), but, the request.username and request.password are not settable (since they are built-in SSG vars) so there is direct way to do the Forms-based username-password authentication with that OAM assertion.
I know that there is a way to solve this, because we did this in some test SSG policies many years ago, but I cannot recall HOW? I *seem* to recall that it was a kind of "tricky" thing to do... maybe involving something like a redirect and injecting an Authorization HTTP header, or, I vaguely remember something like using some kind of transform or something like that?
Does anyone know how to do that?