Okay, due to changes in GW2012 code, we have to use NAM if we want to do SSO into GroupWise WebAccess (our portal software won't do it anymore without blocking the javascript necessary for timezone detection).

Folllow TID #7010088

Works fine

HOWEVER:

We have a LOT of External Entity accounts that are web-access only. As such, with the settings in the TID, they can no longer gain access because they get redirected to NAM securename/form and they don't exist in eDir (GW only objects, basically).

So I don't know how to get it to be conditionally "public" (and then they manually login to webaccess like they always have).

WITHOUT having to create a whole new proxy/DNS name, etc.

???