In the current version of OO the "order" of authentication is fixed. Currently this "Order" is set to SSO, SAML, LDAP. This should be made configurable.
Currently if a user logs in and an SSO cookie is found, OO will always use SSO for authentication and SAML will not be used.
This "Order" of Authentication should be made configurable. E.g. change to SAML, SSO, LDAP and in this case first authenticate using SAML and only if this fails use SSO.