I'm not sure whether this is possible with SAML. I originally tested some of our GP portals/gateways w/ a RADIUS auth profile. Once I added a SAML profile above it though, it seemed like it was one or the other (whichever was higher in the list). You might need to consider two separate portals and gateways. Alternatively, you could do a single portal with LDAP auth that has a very long cookie expiration (e.g. 365 days), and two gateways (one with LDAP as the authentication, and one with SAML) that have much shorter cookie time-outs (e.g. 8 hours). The LDAP gateway could be set to high priority, and the SAML gateway could be set to manual only in the portal agent config. If the user is unable to authenticate with LDAP, they could choose the SAML gateway instead.