The following may help you determine whether SAMLv2 Identity Provider Proxy is suitable for your environment.
The Identity provider can proxy authentication requests from Service Provider to various Identity Providers to which the user has authenticated.
Users are granted seamless access to all the available service providers as long as proper trust relationships are established among those Service Providers, Identity Provider Proxies, and the actual Identity Provider.
Using the SPI implementation, administrators can customize how the preferred Identity Provider is determined.
End-users can turn off Identity Provider proxying per each connection request.
There is a potential for increased performance overhead.
Adding intermediaries such as Identity Provider Proxies increase the likelihood of negative impact on overall system performance.
Using SAMLv2 and non-SAML protocols in the same environment is not currently supported. This can pose a limitation if non-SAML protocols are already in place. However, support for Identity Provider Proxy using multiple protocols is planned for a future release of OpenSSO Enterprise.