HI,

We have an existed application that keeps users in database and authenticates them with DatabaseServerLoginModule using form based authentication. Some of the users wants to login into SalesForce first and then access our application via SSO. Since SalesForce exposes SAML 2 IDP, it seems no brainer to make our application a SP. To achive it I need to point my application to

<security-domain name="sp" cache-type="default">

<authentication>

<login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>

</authentication>

</security-domain>

The problem is that it would force everyone to use/be registered in remote IDP which is not desireable. Is any way to mix "standalone" and SAML authentication for the same resources (EAR/WAR)?

Thanks,

Maksym