IdP discovery problem
In brief: When the source of a user's identity and authentication information (identity provider or IdP) is different from where the information is consumed (the service provider or SP, also known as the relying party or RP), certain scenarios require the RP to initiate contact with the IdP in order to accomplish single sign-on or other similar federated identity activities. This requires that the RP know how to locate the IdP.
In more detail: SSO is commonly deployed in one of two major styles. An IdP that serves users as a one-stop portal to RP websites (typically a known set of partners) is the simpler style, and because the IdP initiates contact with each RP (called IdP-initiated SSO), it has no discovery problem. A more complex style is SP-initiated SSO, in which users can approach (or bookmark) the website belonging to an RP directly; it is only when a user asks for protected resources at this site that the site must then begin a conversation with the user's IdP. But which IdP, where on the network? That is indeed the problem.
What problem does an IdP discovery method solve?
On what the IdP learns in a standard SAML redirect protocol: privacy should be preserved by letting the IdP learn as little as possible about the RP, to avoid collusion between the IdP and the RP.