We are trying a use case where Google will be our Identity Provider and OpenAM the Service Provider, and then OpenAM will act as Identity Provider for another app, where it has to send a SAML assertion for it to consume.
If you are using OpenAM 13 or, better yet, 13.5, then you could create a standalone SAML config between OpenAM and your SP. Then set the IDP in OpenAM to require it to use an authentication chain that invokes the new SAML 2.0 authentication module (integrated mode). That module will act as an SP to Google as the IDP where the user authenticates. For information on integrated mode see: https://backstage.forgerock.com/docs/openam/13.5/admin-guide#saml2-integrated-mode
If you are using OpenAM 12 or below then you would set up OpenAM as an IDP Proxy. It would look like:
SP -> OpenAM IDP -> OpenAM SP -> Google IDP
OpenAM is configured with an entity that acts as both an IDP and an SP.