I'm trying to provide SAML authentication in an already existing app.
During a POC, I was able to implement the quickstart "picketlink-federation-saml-sp-with-metadata" sucessfully, using an external public IDP, ssocircle.com. Both scenarios, SP-initiated SSO and IDP-initiated SSO are working fine.
Unfortunately, in the real case scenario we will only need the IDP-initiated SSO, so, if a user acesses the SP directly, a local form authentication should be presented without any interaction with an IDP. In this case I have two login-modules, one is SAML2LoginModule and the other is a custom LdapExtLoginModule.
Is there any way to "disable" the SP-initiated SSO to achieve this scenario using PicketLink SAML?