IdP Initated SSO with SAML ACS as target URL

Posted on

Hi everybody,

following scenario:
A user is on a website where he has the possiblity to jump to webapplications of different vendors. The purpose of this website is to provide SSO when the user jumps into the target application. The website provider only supports IdP Initiated SSO and the button links provided are just SAML Assertion Consumer URLs.

So the flow that I hope for is:
1. User login on website.
2. User clicks on button.
3. Website creates SAML RESPONSE ,redirects user to the SAML Assertion Consumer URL and POSTs the SAML RESPONSE there.
4. RH-SSO validates SAML RESPONSE.
5. RH-SSO redirects user to the application and provides SSO.

Is this scenario feasible with a stock RH-SSO or do we need custom modules for this?