Generating the right assertion from Okta as IdP

use case: Am developing an iOS mobile app to access a SAML-supported SP

OK so I have looked at the message flow on

and I am trying to understand exactly what I need to do to fulfil steps 3 and 4 (and the dotted line inbetween) in that message flow.

and understand that I have to receive from the IDP (Okta) an XHTML form (or maybe some other token).

There is the dotted “identify the user” message flow in the Wiki which isn’t really obvious; I know there are userID/password screens that Okta provide for my intranet that ask for that information, but it would be good to be able to send to Okta the userID and password without a dedicated browser window being required.

But even if I do use the Okta browser window

in what form do I get the response as a mobile app webview? Is it a cookie, an XHTML form, what exactly?

If I don’t use the Okta browser window, is there a URL I can use as a mobile app to HTTP GET/POST/send the username/password to, and receive a response, 200 OK or whatever, containing the token/assertion/XHTML form that I can use or extract the right information from to access the SP with the authenticated user?

Steps 3-4 represent the SAML Response step: