In this scenario a user attempts to access a protected resource directly on an SP Web site without being logged on.

The user does not have an account on the SP site, but does have a federated account managed by a third-party Identity Provider (IDP). The SP sends an authentication request to the Identity Provider (IDP). Both the request and the returned SAML Assertion are sent through the user's browser via HTTP POST.

More Information#

There might be more information for this subject on one of the following: