From what I can gather, it would seem that it is possible to get this to work; however, we are getting errors from OSP that say "Error: An Identity Provider response was received that failed to authenticate this session."

Looking into the OSP logs (turned to ALL logging) the only thing that I can get from it after the SAML2 post is this: "Authentication Method (Auto) SAML2 Authentication Method requires additional interaction."

My searches pointed me towards this post, where it looks like it should be rather easy.

Should we have the nameIdentifier as Transient or the CN/UID? Any other settings that might be gotchas?