Overview
The concept of delegated SAML authentication is similar to proxy CAS, where a delegate is able to authenticate and act on behalf of a user. This type of authentication is needed for portlets, which need to authenticate on behalf of the portal's user to a downstream application.
For a more detailed explanation of details and interactions needed to accomplish this multi-tier authentication, please refer to this page in the Internet2 Wiki.
To get delegated SAML Authentication working please follow the instructions outlined in Configuring uPortal to pass the SAML Assertion. Once uPortal has been correctly configured reading up on using the Web Proxy Portlet with Delegated SAML Authentication and developing a custom portlet using the Delegated Authentication Integration Library should be read depending on the need.