The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets, which need to authenticate on behalf of the portal's user to a downstream Web Service Provider.
For a more detailed explanation of details and interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.
The source code contributed by the University of Chicago is available in Jasig SVN's sandbox. More specifically, it's in the Shibboleth - uPortal Integration section of the sandbox. There are 3 sub-projects in there:
Delegated SAML Authentication Library
This is the library that enhances the Apache HTTP Client library to allow portlet developers to perform delegated SAML authentication from their portlets.
SAML Assertion User Attribute
This is a library that needs to be installed and configured in uPortal to retrieve and pass to portlets the SAML assertion issued by Shibboleth Service Provider (SP). This assertion is required to perform delegated authentication.
SAML Assertion Test Portlet
A simple Spring Portlet MVC portlet that can be used in testing.
Please see the following pages for further details on building, installing, and configuring these.