We have a use case where we would like to split authentication and
authorization. So a user would log in to VPN via SAML, which would return
their email/username. I would then like to look up their groups from our
local AD which would be used in firewall...
The network we manage currently only has users connecting remotely via
SSL VPN with authentication via LDAP back to Active Directory. This
allows all group memberships to be fetched and used in firewall
rules. Each user might be a member of several gr...