My application has users from different organizations, each with their own SAML IdP and some form of portal with links to the different applications that are used by the organization.
The expected user experience is “click the link to an application and you’re in” (since they are already authenticated at the IdP).
I do not want to use IdP initiated login due to security concerns.
Many SAML SPs allow you to craft a URL containing the entityID of the user's IdP. This way you can achieve a seamless SSO experience for the user in an SP-initiated flow.
Is this possible for the Cloudflare SAML SP?
Example for Shibboleth SP:
Session initiator: https://myhost.example.com/Shibboleth.sso/Login
Service provider target url: https://your.example.com/Shibboleth.sso/Session
Identity provider entityID: https://sso.example.org/idp/shibboleth
Given the information above you can build the following URL:
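As an added example (not part of the question above and not Shibboleth's or Cloudflare's own code), the following Python builds a session-initiator link from the three values quoted in the post, passing the IdP's entityID and the target as query parameters, and shows the two checks an SP should apply before honouring such a link: the entityID must be an IdP it holds metadata for, and the target must land on a host the SP owns, otherwise the login link becomes an open redirect. The allowlists of known IdPs and SP hosts are constructed for this example.

```python
"""Build and validate an SP-initiated Shibboleth-style session-initiator URL.

Added example, not code from the original post or from Shibboleth/Cloudflare.
The session initiator, entityID and target are the values quoted in the post;
KNOWN_IDPS and SP_HOSTS are constructed allowlists for this example.
"""
from urllib.parse import urlencode, urlsplit, parse_qs

# Values quoted in the post.
SESSION_INITIATOR = "https://myhost.example.com/Shibboleth.sso/Login"
IDP_ENTITY_ID = "https://sso.example.org/idp/shibboleth"
TARGET = "https://your.example.com/Shibboleth.sso/Session"

# Constructed: IdP entityIDs the SP has metadata for. A real SP derives this
# from its metadata providers; an entityID it cannot resolve must be refused.
KNOWN_IDPS = frozenset({IDP_ENTITY_ID})

# Constructed: hosts that belong to this SP deployment. The post uses two
# different hosts for the initiator and the target, so both are listed.
SP_HOSTS = frozenset({"myhost.example.com", "your.example.com"})


def build_sso_url(session_initiator: str, entity_id: str, target: str) -> str:
    """Return the link a portal would emit: the SP's session initiator with
    the user's IdP pre-selected via entityID, so no discovery page is shown
    and the flow stays SP-initiated (the SP generates the AuthnRequest)."""
    query = urlencode({"entityID": entity_id, "target": target})
    return f"{session_initiator}?{query}"


def validate_sso_request(url: str,
                         known_idps=KNOWN_IDPS,
                         sp_hosts=SP_HOSTS) -> tuple:
    """Check an incoming session-initiator request the way an SP should.
    Returns (ok, reason). entityID must be a known IdP; target, if present,
    must be an https URL on one of the SP's own hosts."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    entity_id = qs.get("entityID", [None])[0]
    target = qs.get("target", [None])[0]
    if entity_id not in known_idps:
        return False, "unknown entityID"
    if target is None:
        return True, "ok (default target)"
    t = urlsplit(target)
    if t.scheme != "https" or t.netloc not in sp_hosts:
        return False, "target is not on this SP"
    return True, "ok"


if __name__ == "__main__":
    link = build_sso_url(SESSION_INITIATOR, IDP_ENTITY_ID, TARGET)
    print(link)
    print(validate_sso_request(link))
    # A link pointing the user somewhere else after login must be rejected.
    print(validate_sso_request(
        build_sso_url(SESSION_INITIATOR, IDP_ENTITY_ID,
                      "https://attacker.example.net/")))
```

The portal side only needs `build_sso_url`; the validation function is there to make the point that accepting an entityID from the URL is safe precisely because the SP resolves it against its own metadata and never trusts the value beyond that, which is also what distinguishes this from an IdP-initiated flow, where the SP receives an unsolicited assertion with no request of its own to match it against.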