dei3400 wrote:

> Yes, thats exactly how I mean.

Cool, you can do this. You'll have to create something called an
external contract. I assume you've configured the external Identity
Provider to be a trusted SAML Identity Provider in your IDP.

If you want to use/call some custom Auth Contract on the external IDP
create the EXACT same one locally (the only important thing is the URI
on the contract to be honest. Don't worry about configuring custom
login pages on this etc). On the custom contract you want to use check
"Satisfiable by External Provider".

If you now go to the Trusted Identity Provider and select the
authentication card | Authentication Request you can see that your
custom auth contract have popped up under available contracts. Select
this contract and set the 'Context Comparison' to 'exact'. Once you've
applied all this configuration and you browse to the protected resource
protected with this custom contract it should forward you all the way
to the external IDP where you can then authenticate. THe external IDP
will send you back to the protected resource (well, not directly but
eventually you end up there).