Enterprise computing environment with continuous user authentication
US-2016337328-A1 · Nov 17, 2016 · US
US10171457B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10171457-B2 |
| Application number | US-201514982116-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 29, 2015 |
| Priority date | Dec 29, 2015 |
| Publication date | Jan 1, 2019 |
| Grant date | Jan 1, 2019 |
Official abstract text for this publication.
An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.
Opening claim text (preview).
What is claimed is:

1. A method for accessing, initiated by a service provider, a high value transaction website using an additional authentication, the method comprising: accessing, by a processor, a website hosted by a service provider, wherein; the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites; responsive to receiving a validated user identification associated with the user and password associated with the user, requesting, by the processor, a token from an identity provider that maintains the FSSO credentials for the website, wherein; the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO; the token restricts the user to access only a transaction at the website; and the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access; receiving, by the processor, the token and causing the token to be stored at the service provider; receiving a second indication, by the processor, that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors; receiving, by the processor, a second indication that the user's session of the website has expired; subsequent to the second indication that the user's session of the website has expired, requesting to access, by the processor, the transaction at the website; executing, by the processor, the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website; subsequent to the second indication that the user's session of the website has expired, causing, by the processor, the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and responsive to validation of a submission of the one-time password accessing, by the processor, the transaction at the website hosted by the service provider.

2. The method of claim 1, further comprising: receiving, by the processor, a third indication that the user has provided the one-time password to access the transaction; receiving, by the processor, a fourth indication from the identity provider that the one-time password has been verified, and responsive to receiving the fourth indication that the one-time password has been verified, executing, by the first processor, an endpoint, wherein the endpoint allows access to the transaction at the website hosted by the service provider.

3. The method of claim 1, wherein the service provider provides web hosting services to the user.

4. A computer program product for accessing, initiated by a service provider, a high value transaction using an additional authentication, the computer program product comprising: one or more computer readable storage devices; and program instructions stored on the one or more computer readable storage devices, the program instructions comprising: program instructions to access a website hosted by a service provider, wherein; the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites; responsive to receiving a validated user identification associated with the user and password associated with the user, program instructions to request a token from an identity provider that maintains the FSSO credentials for the website, wherein; the token provides access to an application programming interface (API) for the plurality of websites utilizing Federated Single Sign-On (FSSO); the token restricts the user to access only a transaction at the website; and the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access; program instructions to receive the token and cause the token to be stored at the service provider; program instructions to receive a second indication that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors; program instructions to receive a second indication that the user's session of the website has expired; subsequent to the second indication that the user's session of the website has expired, program instructions to request to access the transaction at the website; program instructions to execute the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website; subsequent to the second indication that the user's session of the website has expired, program instructions to cause the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and responsive to validation of a submission of the one-time password, program instructions to access the transaction at the website hosted by the service provider.

5. The computer program product of claim 4, further comprising program instructions, stored on the one or more computer readable storage devices, to: receive a third indication that the user has provided the one-time password to access the transaction; receive a fourth indication from the identity provider that the one-time password has been verified, and responsive to receiving the fourth indication that the one-time password has been verified, execute an endpoint, wherein the endpoint allows access to the transaction at the website hosted by the service provider.

6. The computer program product of claim 4, wherein the service provider provides web hosting services to the user.

7. A computer system for accessing, initiated by a service provider, a high value transaction using an additional authentication, the computer system comprising: one or more computer processors; one or more computer readable storage devices, wherein the one or more computer readable storage devices are not transitory signals per se; and program instructions stored on the one or more computer readable storage devices for execution by at least one of the one or more computer processors, the program instructions comprising: program instructions to access a website hosted by a service provider, wherein; the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites; responsive to receiving a validated user identification associated with the user and password associated with the user, program instructions to request a token from an identity provider that maintains the FSSO credentials for the website, wherein; the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO; the token restricts the user to access only a transaction at the website; and the transac
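
The exchange recited in claims 1 and 2, modelled in memory as an added example; it is not code from the patent or its assignee. The class and method names, the `outbox` list standing in for delivery of the one-time password to the user, and the transaction name used in testing are all assumptions made for illustration.

```python
import hmac, secrets, time

class IdentityProvider:
    """Hypothetical IdP: issues transaction-scoped tokens and one-time passwords."""
    def __init__(self, otp_ttl=120):
        self.tokens = {}    # token -> (user, transaction the token is scoped to)
        self.pending = {}   # token -> (otp, expiry timestamp)
        self.outbox = []    # (user, otp): stands in for out-of-band delivery
        self.otp_ttl = otp_ttl

    def issue_token(self, user, transaction):
        # Called only after the user ID and password have been validated.
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, transaction)
        return token

    def request_otp(self, token, transaction):
        user, scope = self.tokens.get(token, (None, None))
        if user is None or scope != transaction:
            raise PermissionError("token unknown or not scoped to this transaction")
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[token] = (otp, time.time() + self.otp_ttl)
        self.outbox.append((user, otp))   # sent to the user, never returned to the SP

    def verify_otp(self, token, transaction, submitted):
        otp, expiry = self.pending.pop(token, ("", 0.0))  # pop: one attempt per OTP
        in_scope = self.tokens.get(token, (None, None))[1] == transaction
        return in_scope and time.time() < expiry and hmac.compare_digest(otp, submitted)

class ServiceProvider:
    """Hypothetical SP that stores the token and gates one transaction."""
    def __init__(self, idp):
        self.idp, self.stored, self.sessions = idp, {}, set()

    def login(self, user, transaction):
        # Password validation is assumed to have succeeded before this call.
        self.stored[user] = self.idp.issue_token(user, transaction)
        self.sessions.add(user)

    def expire_session(self, user):
        self.sessions.discard(user)   # the stored token outlives the web session

    def start_transaction(self, user, transaction):
        # Works after session expiry: no user ID or password is resubmitted.
        self.idp.request_otp(self.stored[user], transaction)

    def complete_transaction(self, user, transaction, otp):
        ok = self.idp.verify_otp(self.stored[user], transaction, otp)
        return f"{transaction}: access granted to {user}" if ok else "denied"
```

Because the stored token remains usable after the session ends, the controls that matter in this model are the token's single-transaction scope, the short OTP lifetime, and discarding the OTP on any verification attempt.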
for controlling access to devices or network resources · CPC title
using one-time-passwords · CPC title
providing single-sign-on or federations · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title