IdP-Initiated Connection

An IdP-initiated connection makes it possible to log in to a service provider that was not the service provider that initially made an authentication request. In other words, it is a method by which a user can log in to a Service Provider starting from the Identity Provider.
To set up an IdP-initiated connection, click the SAML 2.0 button under the Tools group in the Connections list.

idp - 1

This will immediately set up a connection, as shown below.

idp - 2

The connection that was set up will be called “Identify runtime connection,” as shown below.

idp - 3

This connection will then be available as a separate URL that can be contacted to carry out IdP-initiated login.

The typical site to contact is /runtime/idpinitiated, e.g.:

When contacting this URL, the user will see the following page:

idp - 4

There really is no difference between signing on to the site and signing on to one of the sites in the drop-down list. When signing on to the site, the user will just be shown the list of sites anyway. After choosing a site, the user will then be redirected to that site as an authenticated user.