Ok. I'm at my wits end here, and would love to get any suggestions that
anybody might have on how I can effect Kerberos authentication to
UserApp with (or without) Access Manager. The main issue is that as
far as I've been able to tell, authenticating to UserApp from Access
Manager requires a Form-Fill of Username and Password, but if the user
authenticates to AM via Kerberos (or Liberty, or certificate, or other
trust-based authentication), I don't have access to the user's password
to complete the form-fill.
Is there any way to do trust-based authentication into UserApp, or
failing that, to do Identity Injection into UserApp? (With some
finagleing, I think I could pull the user's password out of our IDM
system using NMAS, and feed it in as a Java API Identity Injection
value - but I'd rather not resort to that.)
A third route I could take would be to populate the user's password
into the Access Manager secret store (or a remote secret store tied to
our IDM infrastructure), but I'm not sure about the feasibility of
populating the secret store out of IDM. Anyone have any thoughts on
the best route to get to where I need to go?