How do I send passwords in claims to unlock external storage?

I saw this posted before but with a different approach so I’m posting again.

I’m setting up home folders for all users on networked storage. The server is user-aware and automatically gives a different home share for every user. This works perfectly logging in against an LDAP userbase because, well, credentials are saved upon login, right? So, like we know, federation doesn’t pass sensitive credentials to the relying party and therefore the password gets overwritten with a blank one when a user logs in directly instead of using federation.

The only solution I can come up with is to pass a claim with the user’s passwords in it.

I’m just coming to terms with the whole federation thing; after spending a horrible time trying to make sense of it, one day it just clicked. I don’t know how to write claim rules, the syntax or language though, so if you guys could tell me if there’s a claim transformation rule for this or if it would work, because I’m sure passing actual credentials is at the very least frowned upon.

Aside from this, everything else works amazingly, without any issues, and this installation has 1, come up perfect, like totally flawless and 2, this time I opted for a dedicated server instead of virtualizing so backing up/restoring/etc. would be immensely painful. I’m very afraid of screwing something up.

It occurs to me to create a single unauthenticated map to the storage server and do some sort of symlink to the users’ respective home folders, but I have no idea how that would work or how to automate it. Letting the storage server handle authentication is better because this way users get the same file structure no matter if it is Nextcloud, DSM, WorkFolders, AD mappings, iCloud, etc., it’s so cool. Anyway…

Thanks!