Need to understand if there is any feature or configuration within OpenAM with which we can pass the user information received from the first Circle of Trust to another Circle of Trust. We need to create a bridge between two applications: application1 acts as IDP to OpenAM under CT1 and application2 acts as SP under CT2. By setting the transient user as anonymous, the information of the actual user is missing. OpenAM acts as SP for application1, consuming the SAML2 assertion, and acts as IDP for application2, to which it needs to pass the information.
Here’s a simple explanation of the expected flow:
1. SP-initiated flow, user is redirected to IDP for login.
2. CT1- application1(IDP)->SAML2->OpenAM(SP)
3. Default Relay URL called for CT2, IDP-initiated flow
4. CT2- OpenAM(IDP)->pass user info received from CT1 ->application2(SP)