I have a requirement for a PicketLink SP authenticating against a multi-tenant IDP. The IDP that the PicketLink SP app is attempting to use has to use SP-initiated auth. Users will begin interaction at the IDP, and then be redirected to the PicketLink SP, where the SP-initiated auth flow will begin (POST binding).
What this particular IDP needs is the ability to dynamically specify a tenant ID as a URL parameter in the GET request that kicks off the SP-initiated flow. See diagram attached for full explanation.