As an example, my dev box has Moodle serving on:
and I have a test SimpleSAMLphp instance as an IdP serving on:
Moodle is configured, at http://moodle.local/admin/auth_config.php?auth=saml2, to trust the IdP's metadata:
http://idp.local/simplesaml/saml2/idp/metadata.php
The IdP is configured to allow logins from Moodle (the SP) by this entry in config/config.php:
    'metadata.sources' => array(
        array('type' => 'flatfile'),
        array('type' => 'xml', 'url' => 'http://moodle.local/auth/saml2/sp/metadata.php'),
    ),
(Note: this is for example only; SimpleSAMLphp should be set up a bit better in production.)
Now that they trust each other, we can log in via SAML.
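
The trust above rests entirely on metadata fetched from a URL, so this added example (not code from the plugin or from SimpleSAMLphp) audits an SP metadata document before an IdP is pointed at it and flags the plain-HTTP trust path a dev setup like this one uses. The function name `audit_sp_metadata`, the sample XML, its ACS path and its certificate body are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample, not real plugin output: the ACS path and certificate
# body are placeholders; only the metadata URL comes from the text above.
SAMPLE_URL = "http://moodle.local/auth/saml2/sp/metadata.php"
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://moodle.local/auth/saml2/sp/metadata.php">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://moodle.local/auth/saml2/sp/acs-placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def audit_sp_metadata(xml_text, fetched_from):
    """Return (summary, findings) for a single SP EntityDescriptor."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected a single md:EntityDescriptor")
    findings = []
    # Only the presence of a signature is checked here, not its validity.
    signed = root.find("ds:Signature", NS) is not None
    if urlparse(fetched_from).scheme != "https" and not signed:
        findings.append("metadata is unsigned and was fetched without TLS")
    acs = [e.get("Location", "") for e in
           root.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    for loc in acs:
        if urlparse(loc).scheme != "https":
            findings.append("assertions would be posted without TLS to " + loc)
    # A KeyDescriptor with no 'use' attribute covers signing as well.
    certs = [kd for kd in root.iterfind("md:SPSSODescriptor/md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             and kd.find(".//ds:X509Certificate", NS) is not None]
    if not certs:
        findings.append("no signing certificate published")
    return {"entity_id": root.get("entityID"), "acs": acs,
            "signing_certs": len(certs)}, findings

if __name__ == "__main__":
    print(audit_sp_metadata(SAMPLE_SP_METADATA, SAMPLE_URL))
```

Run against the constructed dev-box sample, it reports two findings; the same document served and referenced over https reports none.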