I have an application that uses SAML with Okta for authentication; in this context, Okta is the IdP and my application is the SP. At the same time, I also want Okta to be the SP to other federated IdPs, where the other IdP is determined dynamically at runtime.
Illustration:
Application <----[SAML]----> Okta <----[SAML]----> Other IdP
I think you can do something like that with OIDC between application and Okta, where you can specify an idp argument on the URL: /oauth/authorize?idp=xxx
Is there a way to do this for SAML as well?