1 vote

We currently have an application which acts as a service provider in a SAML SSO configuration. The identity provider is a completely different domain that we don't control; our customer does. Our customer, though, would like us to have a "fancy" login widget; basically, instead of clicking the link and being redirected to their identity provider, they'd like us to have a user name and password entry form appear.

My understanding is that it's not possible for us to provide that kind of interface due to how SAML works, but they can do it on their site, as they don't need SAML for their service provider applications; they can just integrate with their own logon system.

Is this correct, or is there a way to implement the logon form as they suggest?


1 Answer

2 votes

There is nothing in the SAML spec that defines this. You could probably hack something together by posting creds to their externally exposed login page. However, it's definitely not a security best practice as it violates the anti-password pattern enterprises are warning their employees about. Besides -- if they have a SAML IDP, why would they even want this?