As an end user, once authenticated in one app, I want to be logged into another app which uses a different identity provider that trusts my IAM Server instance, without having to re-enter my credentials. Further, I want to access the functionality (of the app) to which my role is authorized.

For example, as a credit score check service which is external to the IAM Server. Or Federation between IAM Server and OpenShift's Identity Provider.