By: Rehman Aslam user 07 Nov 2018 at 4:54 a.m. CST

4 Responses
Reading the documentation for Inbound SAML, the testing section shows how to get your SP to go directly to the external IDP's login page: https://gluu.org/docs/ce/3.1.3.1/authn-guide/inbound-saml-passport/#testing However, this is for an OpenID Connect authorization request. Maybe I'm confused, but isn't there a way I can set a property in my shibboleth2.xml so that, rather than going to the passport login page, it goes directly to the external IDP's?

By Mohib Zico staff 07 Nov 2018 at 6:50 a.m. CST

'Discovery' is a mandatory point for Inbound-SAML. You can choose whether or not to show end users the discovery page, but your workflow must run through the discovery page to achieve a successful authentication.

By Rehman Aslam user 07 Nov 2018 at 8:17 a.m. CST

That's what I thought, but how do I make it so it's not visible to the end user?

By Kevin Manion user 15 Nov 2018 at 5:48 a.m. CST

Hi Mohib, I'm attempting to bypass the Gluu passport login page and direct the user to their external IDP. I've set up a SessionInitiator in my shibboleth2.xml which points to an HTML file. This file will take user input and then determine which IDP they should be directed to. I'm using some of the code from the 'idp_redirect' function on the passportlogin.xhtml page to redirect the user to their external IDP. This is working correctly, and the user can be authenticated by their IDP. On return to the passportpostlogin.xhtml page I receive an error, though. It seems that because I've never visited passportlogin.xhtml, I'm missing some cookies that I need. Based on your comment above, it seems like I need to navigate through the passportlogin page somehow, to get the cookies? Can you provide more details on what you mean in the above comment?

Thanks, Kevin

By Mohib Zico staff 20 Nov 2018 at 4:18 a.m. CST

[Here](https://gluu.org/docs/ce/3.1.4/authn-guide/passport/#preselecting-an-external-provider) is a doc you can use for preselecting your authentication IDP. A preselecting link (initiated from the SP) can be something like the one below:

- Change the hostname of your Gluu-passport server
- Change client_id according to your setup
- Add the base64-encoded value for your `preselectedExternalProvider`. That value would be the provider name of your SAML IDP.

Say... my remote IDP is 'idp1.gluu.org', which is registered in my passport server like below:

```
root@proxy:/etc/gluu/conf# cat passport-saml-config.json
{
  "idp1_gluu_org": {
    "entryPoint": "https://idp1.gluu.org/idp/profile/SAML2/POST/SSO",
    "issuer": "urn:test:pass-saml:showcase",
    "identifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "authnRequestBinding": "HTTP-POST",
    "additionalAuthorizeParams": "",
    "logo_img":"{Provider Logo url}",
    "enable":"true",
    .....
    .....
    .....
```

Here you need to grab `{"provider" : "idp1_gluu_org"}`, base64-encode it, and put that in the URI:

`https://[Gluu_passport_server_hostname]/oxauth/restv1/authorize?response_type=code&client_id=%40%21B3BF.86D3.10AA.520B%210001%2188B9.ADF8%210008%21B03C.F3CF&scope=openid+email+user_name&redirect_uri=https%3A%2F%2Fproxy.gluu.org%2Fidp%2FAuthn%2FoxAuth&state=eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjb252ZXJzYXRpb24iOiJlMXMxIiwic3RhdGUiOiJGUUhmczNGQjZ1In0.&acr_values=passport_saml&preselectedExternalProvider=eyJwcm92aWRlciIgOiAiaWRwMV9nbHV1X29yZyJ9`
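The preselection link above is assembled by hand. As an added example (not code from Gluu, the docs, or this thread), the script below builds the same `preselectedExternalProvider` value and authorize URL from a provider name, after checking that the provider is actually registered and enabled in the passport SAML config, and decodes the parameter back so the value can be verified on the receiving side. The config dictionary is a constructed sample modelled on the `passport-saml-config.json` excerpt in the post (the second, disabled provider is invented to exercise the check); `passport.example.org`, the client_id, redirect_uri and state are placeholders, not values from any real deployment.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample modelled on the passport-saml-config.json excerpt above.
# "idp2_example_org" is invented so the enable/registration checks have something to reject.
SAMPLE_CONFIG = {
    "idp1_gluu_org": {
        "entryPoint": "https://idp1.gluu.org/idp/profile/SAML2/POST/SSO",
        "issuer": "urn:test:pass-saml:showcase",
        "identifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        "authnRequestBinding": "HTTP-POST",
        "enable": "true",
    },
    "idp2_example_org": {
        "entryPoint": "https://idp2.example.org/sso",
        "enable": "false",
    },
}


def encode_preselection(provider_name: str) -> str:
    """Base64 of {"provider" : "<name>"} exactly as shown in the post (note the spacing)."""
    payload = json.dumps({"provider": provider_name}, separators=(",", " : "))
    return base64.b64encode(payload.encode("utf-8")).decode("ascii")


def decode_preselection(value: str) -> str:
    """Inverse of encode_preselection; raises ValueError on anything but {"provider": <str>}."""
    raw = base64.b64decode(value, validate=True)  # binascii.Error is a ValueError subclass
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) != {"provider"} or not isinstance(obj["provider"], str):
        raise ValueError('preselectedExternalProvider must decode to {"provider": "<name>"}')
    return obj["provider"]


def build_preselect_url(passport_host: str, client_id: str, redirect_uri: str,
                        state: str, provider_name: str, config=SAMPLE_CONFIG) -> str:
    """Build the oxauth authorize URL that skips the discovery page for one SAML provider.

    The provider name must be a key of passport-saml-config.json and must be enabled;
    otherwise passport cannot route the request and the user would land on an error.
    """
    entry = config.get(provider_name)
    if entry is None:
        raise KeyError(f"provider {provider_name!r} is not registered in passport-saml-config.json")
    if entry.get("enable") != "true":
        raise ValueError(f"provider {provider_name!r} is registered but disabled")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "scope": "openid email user_name",
        "redirect_uri": redirect_uri,
        "state": state,
        "acr_values": "passport_saml",
        "preselectedExternalProvider": encode_preselection(provider_name),
    }
    # urlencode percent-encodes the client_id ("@!" -> "%40%21") and the redirect_uri.
    return f"https://{passport_host}/oxauth/restv1/authorize?" + urlencode(params)


def provider_from_url(url: str) -> str:
    """Recover and validate the preselected provider from a built authorize URL."""
    qs = parse_qs(urlparse(url).query)
    return decode_preselection(qs["preselectedExternalProvider"][0])


if __name__ == "__main__":
    # Placeholder host, client_id, redirect_uri and state: not a real deployment.
    link = build_preselect_url(
        "passport.example.org",
        "@!B3BF.EXAMPLE.CLIENT",
        "https://proxy.example.org/idp/Authn/oxAuth",
        "opaque-state-from-sp",
        "idp1_gluu_org",
    )
    print(link)
    print("decodes to:", provider_from_url(link))
```

The encoder uses `separators=(",", " : ")` so that the encoded value is byte-for-byte the one in the post; the more usual `{"provider":"idp1_gluu_org"}` spacing produces a different base64 string that decodes to the same JSON, which the decoder accepts either way.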