OpenShift Request For Enhancement: RFE-2476

OCP support for SAML in disconnected environment


    • Type: Feature Request
    • Resolution: Won't Do
    • Priority: Normal
    • Auth
    • Product / Portfolio Work

      1. Proposed title of this feature request.
      OCP support for SAML in disconnected environment

      2. What is the nature and description of the request?
      The goal is to use ADFS servers for identity management with no network connectivity whatsoever between OpenShift and the ADFS server. If OpenShift supported SAML as an identity provider out of the box, this would work, because the SAML Web Browser SSO profile with the HTTP-POST binding only requires network connectivity between the user's browser and the identity provider: the service provider never contacts the IdP directly, and the IdP metadata and signing certificate can be imported offline. (The artifact binding, which resolves assertions over a back channel from SP to IdP, would not work in this topology.)

      3. Why does the customer need this? (List the business requirements here)
      To integrate ADFS servers as identity management in a disconnected OCP cluster.
      I guess this could be implemented by using the RequestHeader identity provider. They would implement a login proxy with connectivity to the OpenShift cluster. The OpenShift oauth-server would redirect the user to this proxy, the proxy would redirect to ADFS, and as the user logs in, they get the credentials payload that they would present to the proxy. The proxy would then retrieve the token for the user as usual.

      This is exactly what https://github.com/openshift/request-header-saml-service-provider aims to do, except that it is unsupported and has never been updated for OCP 4.
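The RequestHeader-based flow sketched above, written out as an OpenShift 4 OAuth configuration. This is an added example and is not part of the RFE or of the request-header-saml-service-provider project; the hostname saml-proxy.example.com, the ConfigMap name saml-proxy-ca and the header names are assumptions. The security-relevant part is the `ca` (and optional `clientCommonNames`) setting: the oauth-server only honours identity headers on requests that present a client certificate chaining to that CA, so the proxy is the trust boundary and must itself strip any X-Remote-User* headers arriving from the browser before it forwards the request.

```yaml
# Added example (not from the RFE): OAuth CR wiring a SAML login proxy
# into OpenShift 4 through the RequestHeader identity provider.
# Assumptions: proxy reachable at saml-proxy.example.com, a ConfigMap
# named saml-proxy-ca (key ca.crt) in openshift-config, header names below.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: adfs-saml-proxy
    mappingMethod: claim
    type: RequestHeader
    requestHeader:
      # Browser logins are redirected here; the proxy runs the SAML
      # exchange with ADFS and calls back with identity headers set.
      loginURL: "https://saml-proxy.example.com/login-proxy/oauth/authorize?${query}"
      # Non-browser clients (oc login) are sent here for a challenge.
      challengeURL: "https://saml-proxy.example.com/challenging-proxy/oauth/authorize?${query}"
      # CA that issued the proxy's client certificate. Identity headers on
      # any request not authenticated by a client certificate chaining to
      # this CA are ignored, so a user who reaches the oauth-server
      # directly cannot forge X-Remote-User.
      ca:
        name: saml-proxy-ca
      # Optional further restriction to specific certificate subjects.
      clientCommonNames:
      - saml-proxy.example.com
      headers:
      - X-Remote-User
      preferredUsernameHeaders:
      - X-Remote-User-Login
      nameHeaders:
      - X-Remote-User-Display-Name
      emailHeaders:
      - X-Remote-User-Email
```

Create the CA ConfigMap first (`oc create configmap saml-proxy-ca --from-file=ca.crt=/path/to/ca.crt -n openshift-config`), apply the CR with `oc apply -f`, and confirm the provider was accepted with `oc get oauth cluster -o yaml`. Since the cluster is disconnected, the ADFS side of the proxy (IdP metadata, signing certificate) has to be provisioned from files rather than fetched from the ADFS metadata endpoint.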

              Anandnatraj Chandramohan (anachand, Inactive)
              Ashish Prajapati (rhn-support-aprajapa, Inactive)
              Votes: 1
              Watchers: 3