My understanding is I would have:
If I used a package support SAML such as Kentor to add SAML support to IdentityServer, what would the SAML authentication experience look like to the user?
They go to a restricted page on my MVC application, it detects they are not logged in, redirects them to IdentityServer, and IdentityServer would then redirect them to the SAML endpoint(such as ADFS) to enter their credentials, then be redirected back to IdentityServer which would them redirect them back to my web application.
Is that correct?
Correct - for identityserver 3 and sample as below.
What protocol is your MVC app. using to connect to identityserver?
OOTB, identityserver would show you its logon page (much like HRD) and the user would have to click the SAML IDP button.
Refer : IdentityServer : ASP.NET MVC application to idsrv3 to ADFS via SAMLp 2.0