Differences between SP initiated SSO and IDP initiated SSO
Can anyone explain to me what the main differences between SP initiated SSO and IDP initiated SSO are, including which would be the better solution for implementing single sign on in conjunction with ADFS + OpenAM Federation? In IDP Init SSO (Unsolicited Web SSO) the Federation process is initiated by the IDP sending an unsolicited SAML Response to the SP. In SP-Init, the SP generates an AuthnRequest that is sent to the IDP as the first step in the Federation process and the IDP then responds with a SAML Response. IMHO ADFSv2 support for SAML2.0 Web SSO SP-Init is stronger than its IDP-Init