Workflow of SAML with multiple SPs

Hi all,

I read "SAML Authentication to multiple applications",
and I set up an IDP with multiple SPs.

After the user logs in to SP1 (authentication & authorization),
I wonder what happens if the user tries to access SP2?

  1. Since the user is logged in, the SP2 request does not need authentication. It just goes to the IDP for authorization (to check what resources the user can access).
  2. The user has already logged in (authenticated) and got all authorization information at once. There is no need to redirect the SP2 request to the IDP again.
  3. All of the above are wrong.

Please give me more detail about this, thanks!

Han Shih