This one's weird.

NAM IDS is setup as an IDP only (meaning you go into the NAM IDP -> Edit -> SAML2 tab and it only shows Service Providers).

Anyhoo, I'm having to work with third party vendors here who know even less than I do about SAML which is scary.

The back-end web server is IIS front-ended by NAM AG (but currently "public").
You fire up browser and go to the published DNS (which is on the AG) and the back-end web server redirects you to the NAM IDP Login Page (remember, we're using "public" protected resource currently for testing)

You see the NAM login page and you get this after logging in (on the NAM IDP):

The Service Provider being authenticated has requested account federation with this site.

Service Provider domain:

Do you give consent for this federation?
Now, what's strange is that in the Dev lab (same NAM setup, just separate servers) it works fine (you don't see that odd thing). It's my understanding that Federation would have to be configured on the SP in order for this to happen yes?