My situation: our application MyApp must perform Single Sign-On to access third-party applications' (ThirdApp1) contents. Using SAML, ThirdApp1 and ThirdApp2 are Identity Providers, and during the login process the user is redirected to the login page of ThirdApp1, enters login and password, and is then redirected to MyApp again with a token that can be used to access ThirdApp1 contents.
The problem is that our requirement is that the user is shown OUR login page, not the IdP page.
I read on this site that this violates the SAML principle, but could a workaround be to create our own login page (which becomes the IdP), and then have this page send login/password to the real IdP as a POST and return the real IdP response?
If this is not possible, could another architecture like OAuth 2.0 be better for our requirements? (Please suggest a workaround, not "this violates the separation between service provider and identity provider".)
This isn't supported by the SAML, OAuth2 or OpenID specifications. If the user credentials must be entered at your site the only option I can think of is some sort of proprietary solution with all the attendant security implications and requiring the participation of the identity providers.
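The SP-initiated flow the question describes (MyApp redirects the user to ThirdApp1, the user authenticates there, the IdP posts a Response back to MyApp), as an added example that is not part of the original question or answer. It builds the AuthnRequest the SP sends, encodes it for the HTTP-Redirect binding, and performs the checks the SP must make on the Response before accepting the user (InResponseTo, Destination/Recipient, Issuer, Audience, validity window). Entity IDs and URLs are hypothetical; the IdP Response is constructed locally to exercise the checks; and XML signature verification against the IdP's metadata certificate is assumed to have been done first with an XML-DSig library, since none of the other checks mean anything without it. Note that no message in this exchange carries the user's password: it is entered only at the IdP, which is why the protocol offers no hook for an SP-hosted login form.

```python
import base64
import datetime as dt
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical entity IDs and endpoints (assumptions, not from the post).
SP_ENTITY_ID = "https://myapp.example/saml/metadata"
SP_ACS_URL = "https://myapp.example/saml/acs"
IDP_ENTITY_ID = "https://thirdapp1.example/saml/metadata"
IDP_SSO_URL = "https://thirdapp1.example/saml/sso"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def saml_ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_saml_ts(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def build_authn_request(request_id=None, now=None):
    """AuthnRequest the SP sends; the ID is kept server-side to match InResponseTo later."""
    request_id = request_id or "_" + uuid.uuid4().hex
    now = now or dt.datetime.now(dt.timezone.utc)
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{saml_ts(now)}" '
           f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    return request_id, xml


def redirect_url(authn_request_xml, relay_state="/"):
    """HTTP-Redirect binding: raw DEFLATE, base64, URL-encode as SAMLRequest."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)          # -15: raw deflate, no zlib header
    deflated = c.compress(authn_request_xml.encode()) + c.flush()
    q = {"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state}
    return IDP_SSO_URL + "?" + urlencode(q)


def decode_redirect(url):
    """What the IdP does on receipt: reverse the HTTP-Redirect encoding."""
    q = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15).decode()


def constructed_idp_response(in_response_to, now, name_id="alice@thirdapp1.example",
                             audience=SP_ENTITY_ID, recipient=SP_ACS_URL):
    """Constructed, unsigned Response standing in for what the IdP POSTs to the ACS."""
    nb, na = saml_ts(now - dt.timedelta(minutes=1)), saml_ts(now + dt.timedelta(minutes=5))
    xml = f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"
  ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{saml_ts(now)}"
  Destination="{SP_ACS_URL}" InResponseTo="{in_response_to}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{saml_ts(now)}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{in_response_to}" Recipient="{recipient}" NotOnOrAfter="{na}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>'''
    return base64.b64encode(xml.encode()).decode()


def validate_response(response_b64, expected_request_id, now=None):
    """SP-side checks on a Response received at the ACS. Returns (name_id, errors);
    name_id is None unless every check passes. Assumption: the XML signature has
    already been verified against the IdP certificate before this function runs."""
    now = now or dt.datetime.now(dt.timezone.utc)
    root = ET.fromstring(base64.b64decode(response_b64))
    errors = []
    if root.tag != f'{{{NS["samlp"]}}}Response':
        return None, ["not a samlp:Response"]
    if root.get("Destination") != SP_ACS_URL:
        errors.append("Destination is not our ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        errors.append("InResponseTo does not match a request we issued (unsolicited or replayed)")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        errors.append("Status is not Success")
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        errors.append("Response Issuer is not the configured IdP")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return None, errors + ["no Assertion present"]
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        errors.append("Assertion Issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if (nb and parse_saml_ts(nb) > now) or (na and now >= parse_saml_ts(na)):
        errors.append("Assertion outside its validity window")
    if cond is None or cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        errors.append("Audience is not our entityID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd is None or scd.get("Recipient") != SP_ACS_URL
            or scd.get("InResponseTo") != expected_request_id
            or now >= parse_saml_ts(scd.get("NotOnOrAfter"))):
        errors.append("bearer SubjectConfirmationData does not bind the assertion to our request")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (name_id if not errors else None), errors
```

Each rejection above corresponds to a real attack class on an SP: a wrong InResponseTo is an unsolicited or replayed assertion, a wrong Audience or Recipient is an assertion minted for some other SP being redirected to yours, and an expired window is replay of a captured POST. A production SP would delegate all of this, plus signature verification, to a library such as python3-saml rather than hand-rolling it.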