The Identity provider can proxy authentication requests from Service Provider to various Identity Providers to which the user has authenticated.
Users are granted seamless access to all the available service providers as long as proper trust relationships are established among those Service Providers, Identity Provider Proxies, and the actual Identity Provider.
Using the SPI implementation, administrators can customize how the preferred Identity Provider is determined.
End-users can turn off Identity Provider proxying per each connection request.