I was wondering if it is possible to make OpenID Connect federation with OpenAM. I didn't find anything on this subject and it appears to me that OpenAM allows Federation only for SAML, Liberty ID-FF, and WS-Federation.
So is it possible to make OpenID Connect federation with OpenAM as we can make it in WSO2? If so, how?
Here's an image that illustrates my needs. You can see below an architecture of two companies where each one has its own IdP and some SPs. In red, you will see the communication that I want to make:
Thank you for your responses
Let me first clarify what I was trying to do: Double Federation (Federation between SP and IDP2, Federation between IDP2 and IDP1). This remains a rare case where you want your clients to have sessions in both IDPs and you want to abstract the complexity of the SSO for your service providers.
Because it's a rare case and not covered by the protocol, OpenAM hasn't implemented this functionality yet. You will be obliged to add complexity to supply (SP) so it will have two client IDs (one for each IDP) and the client will need to choose his IDP or inject the client ID in the URLs of the SP.
Some considerations:
When using the double federation, you need to make sure that your clients of enterprise 1 won't access service providers that should be private for enterprise 2.
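
The workaround and the consideration above, sketched as an added example (not part of the original post and not OpenAM code): an SP that holds one client ID per IdP, binds each login to the chosen IdP, and rejects an IdP that a service does not accept. All issuers, client IDs, service names and the `/authorize` path are constructed assumptions, and ID token signature verification is assumed to happen before `finish_login` is called.

```python
import secrets
from urllib.parse import urlencode

# Constructed registrations: the SP holds one client id per IdP (all values hypothetical).
IDPS = {
    "idp1": {"issuer": "https://idp1.example", "client_id": "sp-at-idp1"},
    "idp2": {"issuer": "https://idp2.example", "client_id": "sp-at-idp2"},
}
# Which IdPs each service accepts: "private-sp2" belongs to enterprise 2 only.
SERVICE_IDPS = {"shared-sp": {"idp1", "idp2"}, "private-sp2": {"idp2"}}
REDIRECT_URI = "https://sp.example/callback"
PENDING = {}  # state -> (idp key, service, nonce), one entry per login in flight


def start_login(service, idp_key):
    """Return (authorization URL, state) for the IdP the user picked."""
    if idp_key not in SERVICE_IDPS.get(service, set()):
        raise PermissionError(f"{idp_key} is not accepted for {service}")
    idp = IDPS[idp_key]
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    PENDING[state] = (idp_key, service, nonce)
    query = urlencode({
        "response_type": "code", "scope": "openid",
        "client_id": idp["client_id"], "redirect_uri": REDIRECT_URI,
        "state": state, "nonce": nonce,
    })
    # Assumed authorization endpoint path; read the real one from IdP metadata.
    return f"{idp['issuer']}/authorize?{query}", state


def finish_login(state, claims):
    """Check ID token claims whose signature was already verified (not shown)."""
    if state not in PENDING:
        raise PermissionError("unknown or replayed state")
    idp_key, service, nonce = PENDING.pop(state)
    idp = IDPS[idp_key]
    if claims.get("iss") != idp["issuer"]:
        raise PermissionError("token issued by a different IdP than the one chosen")
    aud = claims.get("aud")
    if idp["client_id"] not in ([aud] if isinstance(aud, str) else aud or []):
        raise PermissionError("token was not issued to this SP's client id")
    if claims.get("nonce") != nonce:
        raise PermissionError("nonce mismatch")
    return service, idp_key, claims.get("sub")
```

Binding `state` to the chosen IdP is what keeps a token from one IdP from being accepted on a login that was started against the other.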