IG makes the OAuth call from within an iFrame. Which is different than
the Identity apps, which redirect to OSP, then to the IDP and so via the
main page.

IG runs a client side service which does the work in the frame.

Alas this triggers click jacking support, which later NAM's correctly
block, cuz it would be very bad to allow it.

There is a TID that says you can add an exclusion, we did that in NAM
and still having issues.

Anyone gotten SAML Fed with NAM 4.4 against OSP 6.2.xlatest with IG 3.01