The validation URL in the Nexus Go authentication method should be https://<Access Point Domain Name>/wa/auth?authmech=<Authentication method display name>.
For example, if the domain name is "sp.test.com" and the authentication method's display name is "Nexus Go method", then the validation URL should be https://sp.test.com/wa/auth?authmech=Nexus%20Go%20method.
When a user authenticates via Nexus Go, HAG stores the SAML attributes present in the SAML assertion response coming from "NEXUS GO" in the HAG user session. It is then possible to forward the attributes that the Nexus Go method receives from "NEXUS GO" to the external SP.
For instance, if the SAML attribute issuerOrganizationName from "NEXUS GO" needs to be sent to the external SP, then set the source to Session when creating the Attribute group in the SAML federation.
The friendly name is used to fetch the data from the session, so keep the friendly name the same as the SAML attribute name, i.e. issuerOrganizationName. Follow the help for SAML attribute groups to use a different friendly name.
Since these response attributes are stored in the user session, if a user authenticates via two IDPs in the same session and Digital Access receives the same attribute name from both IDPs, the values will be overwritten.
If HAG as IDP is not required to store SAML assertion attributes in the user session, this can be disabled by adding the extended parameter store_response_attribute_in_session to the "Nexus Go" authentication method configuration.
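The overwrite behaviour described above, as an added example that is not Digital Access code: it models the user session as a map keyed by SAML attribute name (an assumption based on the description above) and reports which attributes a second IDP's assertion would replace. The assertions, issuer URLs, attribute values and the serialNumber attribute are constructed for the demo.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def make_assertion(issuer, attrs):
    """Constructed, unsigned assertion for the demo (not real IDP output)."""
    body = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        "</saml:AttributeValue></saml:Attribute>"
        for name, value in attrs.items()
    )
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:Issuer>{issuer}</saml:Issuer>"
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
            "</saml:Assertion>")

def read_attributes(xml_text):
    """Return (issuer, {attribute name: [values]}) from one assertion."""
    # ElementTree is fine for the constructed input here; use a hardened
    # parser (for example defusedxml) for assertions from real IDPs.
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = attr.iterfind("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [v.text or "" for v in values]
    return issuer, attrs

def store_in_session(session, xml_text):
    """Store attributes by name (assumed model); return the overwrites caused."""
    issuer, attrs = read_attributes(xml_text)
    overwritten = []
    for name, values in attrs.items():
        if name in session and session[name][0] != issuer:
            overwritten.append((name, session[name][0], issuer))
        session[name] = (issuer, values)  # same name: earlier value is lost
    return overwritten

def demo():
    session = {}
    first = store_in_session(session, make_assertion(
        "https://idp-a.example",
        {"issuerOrganizationName": "Org A", "serialNumber": "1001"}))
    second = store_in_session(session, make_assertion(
        "https://idp-b.example", {"issuerOrganizationName": "Org B"}))
    return first, second, session

if __name__ == "__main__":
    print(demo())
```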
| Label | Mandatory | Description |
|---|---|---|
| Enable authentication method | | When selected, Nexus Go authentication is enabled. Selected by default. |
| Visible in authentication menu | | When selected, Nexus Go authentication will be displayed and selectable in the authentication menu. |
| Display Name | Yes | Unique name used in the system to identify the authentication method. This name is also used as the display name when users are prompted to select an authentication method when logging in to the Portal. |
| Authentication Method Type | Static | |
| Authentication Method ID | Static | |
| Method URL | Yes | URL to redirect to in order to initiate the login. This can be obtained from the how to implement tab. |
| SP metadata | Yes | Service provider metadata XML obtained from the how to implement tab. |
| IDP metadata | Yes | Identity provider metadata XML obtained from the how to implement tab. |