If you put the local LDAP option behind an IdP, then you're simply describing IdP discovery, for which there are various solutions, including as simple as two links on a web page. Shibboleth is meant to handle multiple IdPs seamlessly, distinguishing it from most other SAML SP implementations. -- Scott