The SAML 1.x specifications provide for a non-normative service provider (SP)-initiated scenario called “destination-first.” This scenario lets web developers create applications that enable a user to initiate SSO from the SP site.