IBM Verify

  • 1.  MOBILE SSO using SAML

    Posted Wed January 20, 2021 11:11 AM

    We have the following requirement:

    1. User clicks on login in the mobile app.
    2. User would be redirected to SAML IDP partner for authentication.
    3. User would authenticate and then OpenID token would be generated if authentication is successful.
    4. How can this be achieved?



    #Support
    #SupportMigration
    #Verify


  • 2.  RE: MOBILE SSO using SAML

    Posted Wed January 20, 2021 02:25 PM

    SAML and OpenID are two independent authentication mechanisms. OpenID requires a full authentication flow for a user to be given a JWT. Why are you trying to mix SAML and OpenID? Are you trying to authenticate a user with SAML and then give them authorization to an application that requires a JWT?





  • 3.  RE: MOBILE SSO using SAML

    Posted Wed January 20, 2021 02:51 PM

    The flow here, in the way that I understand it, requires the following:

    1. App uses IBM Security Verify as its OpenID identity provider (OP).
    2. IBM Security Verify redirects users to a SAML identity provider for authentication.
    3. SAML authentication happens between the external SAML IdP and establishes a session with IBM Security Verify.
    4. OpenID authentication happens between the app and IBM Security Verify.

    In other words, this:

    SAML IdP (ex. ADFS) <--SAML2.0--> IBM Security Verify <--OIDC--> Application



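The app's side of the brokered flow in post 3, as an added example that is not part of the original thread: the app only ever speaks OIDC to the OP, and the SAML leg stays between the OP and the external IdP. The endpoint, client ID and redirect URI are assumed placeholders, and the use of the authorization code flow with PKCE, `state` and `nonce` is an assumption about how a mobile client would be set up, not something the posts specify.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: real values come from the OP's discovery document
# and the app's client registration, not from this thread.
OP_AUTHORIZE = "https://op.example.com/authorize"
CLIENT_ID = "mobile-app-client-id"
REDIRECT_URI = "com.example.app:/callback"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def start_login():
    """Return (authorization URL, per-login secrets the app must keep)."""
    session = {
        "state": b64url(secrets.token_bytes(16)),          # binds callback to this login
        "nonce": b64url(secrets.token_bytes(16)),          # compared with the ID token claim
        "code_verifier": b64url(secrets.token_bytes(32)),  # PKCE secret (RFC 7636)
    }
    challenge = b64url(hashlib.sha256(session["code_verifier"].encode()).digest())
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{OP_AUTHORIZE}?{query}", session

def finish_login(callback_url: str, session: dict) -> dict:
    """Check the redirect back to the app and build the token request body."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"OP returned error: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
```

The dictionary returned by `finish_login` is what the app would POST to the OP's token endpoint; the ID token that comes back still needs its signature, issuer, audience and `nonce` checked before the app trusts it.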


  • 4.  RE: MOBILE SSO using SAML

    Posted Thu January 21, 2021 08:37 AM


  • 5.  RE: MOBILE SSO using SAML

    Posted Thu January 21, 2021 08:45 AM

    Are you trying to authenticate a user with SAML and then give them authorization to an application that requires a JWT?


    The mobile app wants to authenticate against the country's main authentication provider, which holds the user information of all citizens, and this IdP only supports SAML, and later use the access_token to call services protected by ISAM.




