I have a OIF use case to solve. My company is using one external third-party application (service provider) in our portal thru deep linking. The external app has users from my comany as well as users from other clients in their user store. The users from other clients are now using the custom authentication mechanism provided in external app itself.
Our Requirement : MyCompany users who are already logged in to our portal can access external application without re-authentication.
We will set us as IDP and external application as SP. Assume that our users are already in sync with External application, this use case should work fine when our users login from our portal.
But, what happen when our users or other-client users try to login to the external application directly? The desired behaviour here is, our user should go thru IDP and other-client's users should go thru external app's custom authentication. How to implement this in OIF ?