Grab username/domain from a Kerberos ticket header
Is there a way to get the username/domain from a Kerberos ticket without having a resource (web site) server side? In other words: I have an IDP and I'm getting a SAML request from an external SP. I need to grab the email address for the AD account to send back in the SAML response. I don't want to use a logon page for internal users. I know you can use the 401 response policy flow to see username/domain in the session info, but I don't have any web site or resource to do the AAA Kerberos auth. I am looking for something like the NTLM Authentication SSO where you create a computer in AD and call the ECA profile and either get the variables from ECA::username ECA::domainname or decode the NTLM messages (type 3 is the one with the username/domain info). I'm going to do some tests but thought to ask here first so I don't re-invent the wheel :-)