Here is the scenario.
Numerous SPs and one IDP. The SPs rely on the IDP to provide identity in the SAML response (i.e., first name, last name, address, etc.). An end user logs in to an SP and the IDP sends as part of the SAML response the user's name and address (their profile data) and the SP displays that to the user. A user notices their address is out of date. The SP provides a link back to the IDP to facilitate the user updating their address. The IDP provides the user a link back to the SP, but their updated address is not passed to the SP. The end user is now confused as they just updated their address. Is there a way to force a new SAML response without forcing the user to log out/in again?
Instead of the IdP having a link directly back to the SP, if the link was to the IdP-initiated SSO endpoint of the IdP, the IdP shouldn’t redirect to a login page as it would already have a valid session for that user. I would expect, without having tried this, that the IdP would generate a new SAML response and send it back to the user’s browser, which would submit it to the SP.
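A sketch of what the SP side of that flow has to do, added here as an example and not part of the question or the answer above: an IdP-initiated (unsolicited) Response carries no InResponseTo, so the SP cannot tie it to a request it sent; it has to verify the issuer, validity window and audience, keep an assertion-ID cache against replay, confirm the subject matches the user who already owns the session, and only then overwrite the cached profile attributes. The entity IDs and the SAML XML are constructed sample values, and signature verification is assumed to have been done by the SP's SAML library before this step.

```python
# Added example (not from the question or answer above): a simplified SP-side
# handler that consumes an unsolicited (IdP-initiated) SAML Response and refreshes
# the profile attributes of an EXISTING session instead of forcing a new login.
# Signature verification is assumed done upstream by the SP's SAML library;
# entity IDs and the XML below are constructed sample values.
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SP_ENTITY_ID = "https://sp.example.test/metadata"   # constructed
TRUSTED_IDP = "https://idp.example.test/metadata"   # constructed

SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
 <saml:Assertion ID="_a42" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="address">
   <saml:AttributeValue>2 New Road</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def parse_ts(s):
    return dt.datetime.fromisoformat(s.replace("Z", "+00:00"))

def refresh_session(session, response_xml, seen_ids, now):
    """Validate an unsolicited Response and merge its attributes into session.
    There is no InResponseTo to match, so the assertion-ID cache is the replay
    check; returns False (session untouched) if any condition fails."""
    a = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != TRUSTED_IDP:
        return False
    if a.get("ID") in seen_ids:                       # replayed assertion
        return False
    cond = a.find("saml:Conditions", NS)
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        return False
    if SP_ENTITY_ID not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        return False
    # Refresh only the user who already owns this session; never switch users.
    if a.findtext("saml:Subject/saml:NameID", namespaces=NS) != session["user"]:
        return False
    seen_ids.add(a.get("ID"))
    for attr in a.findall(".//saml:Attribute", NS):
        session[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return True
```

Because the same assertion is rejected on a second submission and a mismatched NameID is refused, a stale or re-posted Response cannot be used to rewrite someone else's session.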