I have a use case where a web application needs to let users authenticate in two different ways, but using the same user data store (aka IDP) via SAML:
- User's browser is redirected to IDP and redirected back with SAML assertion (aka WebSSO Profile).
- User makes a request to the SP, providing their credentials via Basic Authentication. The SP would then need to send the user's credentials to the IDP, and the IDP would provide an assertion, all through a back channel (server to server).
I'm using the Spring Security SAML extension. The sample application in Spring SAML contains both basic authentication with username and password and SAML-based authentication, but the Basic Auth portion uses local accounts defined in the securityContext.xml file. I need to use the user accounts on the IDP. Is this possible? If so, how do I configure Spring SAML?