Super super, think I misunderstood the purpose of LDAPCP augmentation, was hoping that the information it populated the claim with would enable the existing SharePoint permissions to "just" work.
It certainly makes the people picker easier to navigate, though our IdP sends the group info through in the ticket anyway, so if we want both AD and SAML authentication to work we really need to define two separate rules in the picker.
On the upside I've learnt a lot about SharePoint, SAML and claims over the last week, which is good as off to Paris tomorrow to see customer :)
Thanks for the help.