I am trying to setup Saml authentication for remote access VPN. I would like to use OneLogin as my IdP. I have been using http://downloads.checkpoint.com/dc/download.htm?ID=114551 as the basis for setting this up. I am having several issues and was hoping someone could give me some insight.

1. I am getting a 500 error after authenticating via onelogin. I assume I am not sending the token back correctly to the gateway, How would I go about finding logs/troubleshooting the issue?

2. Is it possible to have users who login using just ldap queries to AD and not through SAML authentication and other users which use the SAML authentication process? It seems to me to be possible as there are different realms for each situation, but I have received conflicting advice,

3. How do I create per user/group access rules for my SAML users? Do I use Identity tags? Does someone have a good resource for this?

If anyone has any experience using an IdP which is not Azure AD in this use case, I would appreciate any insight

Thanks 

Aaron