We have a bit of a “special” project where the customer insists on keeping JOSSO as an SSO server instead of ForgeRock AM.
Between the user and the application, we have an IG which should filter the requests and recognize (external) pre-authenticated users.
Because of some limitations in JOSSO, we are asked to provide a SAML flow where JOSSO acts as an SP and asks IG for a SAML assertion based on the pre-auth token.
My questions are:
1. Could I write a custom extension (Java handler) for IG to create the SAML assertion?
2. Is there a smarter solution?
3. Should we tell the customer he has to use AM (in addition to JOSSO) in order to create SAML assertions?