Forum Discussion
Michael_Koyfma1
Mar 06, 2015Cirrus
Frank,
What you're trying to do is definitely possible and has been done quite a number of times. It's unclear right now if any of the issues/errors you're mentioning are benign or not. What is your end goal? Does your IDP serve only a single SP, or are there multiple SPs in the future? The way it should work is you should be going to SP, which will send users to the IDP with AuthN request, and then it will run through the Access Policy, perform seamless transparent authentication and issue SAML assertion in the response.
You should also turn on APM logs, including SSO to debug mode to see everything that is happening. And last, but not least, SSO Credential Mapping agent should not be necessary in your case.