Performing a security action with regard to an access token based on clustering of access requests
US-2024406160-A1 · Dec 5, 2024 · US
US2019199707A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2019199707-A1 |
| Application number | US-201916291075-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 4, 2019 |
| Priority date | Nov 24, 2015 |
| Publication date | Jun 27, 2019 |
| Grant date | — |
Official abstract text for this publication.
A system and method for using a Service-Provider password to simulate F-SSO functionality. A processor receives from an F-SSO Identity Provider authentication data for a user who has requested access to a secured service. The service is managed by an F-SSO Service Provider that does not offer F-SSO functionality for that service. Upon receiving the data, the processor redirects the user to an SU-F-SSO portal of the Service Provider, which uses the received authentication data to authenticate the user. The processor sends the user an on-demand password and, when the user uses that password to sign on, the processor matches the entered password with a stored copy of the password that was sent to the user. If they match, the processor grants the user access to the requested service. In some embodiments, the on-demand password may be a single-use password or may be sent to the user via an out-of-band communication.
Opening claim text (preview).
What is claimed is:

1. A method for simulating Federated Single Sign-On (SU-F-SSO) functionality, the method comprising: a processor of a computerized single-use SU-F-SSO system receiving, from an Identity Provider of an F-SSO federation, a notification that a user has submitted a single sign-on request for a secured service of a Service Provider, where an existing single sign-on authentication procedure of the Identity Provider authenticates a requestor's identity and identifies that the requestor is authorized to access the secured service by comparing information comprised by the requestor's single sign-on request with a set of trusted data retrieved from a federated server of the F-SSO federation, and where the Identity Provider, as a function of the authenticating, has previously: sent a response to the Service Provider indicating that the Identity Provider has authenticated the user, notified the processor that the Identity Provider has authenticated the user, and redirected the user to a SU-F-SSO endpoint managed by the Service Provider; the processor identifying and authenticating the user privileges as a function of the notification; the processor creating an on-demand password; the processor storing a copy of the on-demand password in an information repository secured by the Service Provider; the processor transmitting the on-demand password to the user; and the processor redirecting the user to the Service Provider's local logon portal, where the user is granted single sign-on access to multiple services of the Service Provider in response to the user's submission of the on-demand password to the local logon portal.

2. The method of claim 1, where the on-demand password is limited to a single use.

3. The method of claim 1, where the on-demand password is subject to constraints selected from the group consisting of: limiting the on-demand password to a certain number of uses; limiting the password to use during a single session of the secured service; limiting the password to use during a specified period of time; limiting the password to use during a specified period of time after the first use of the password; and requiring the user to perform an additional authentication procedure when entering the password.

4. The method of claim 1, where the on-demand password is transmitted to the user through an out-of-band communications method.

5. The method of claim 4, where the out-of-band communications method comprises a communication sent to a user-controlled destination that is not part of an F-SSO protocol exchange, where the out-of-band communication is selected from a group consisting of: a voice message; a fax; an SMS text message; an email message; a communication to a social-media service; an instant message; and a communication sent through the Internet to a software program running on a device that is accessible to the user.

6. The method of claim 1, where the notification is received in response to: the processor, responding to a detection by the processor that the user has requested access to the secured service from a local portal under control of the Service Provider, redirecting the user to a local portal under control of the Identity Provider; and the processor requesting that the Identity Provider identify and authenticate the user.

7. The method of claim 1, where the notification is received in response to a detection by the Identity Provider that the user has requested access to the secured service from a local portal under control of the Identity Provider.

8. The method of claim 1, where the Service Provider is a cloud-computing service provider, the secured service is a cloud-based service deployed and controlled by the Service Provider on a cloud-computing platform provided by the Service Provider, and the Identity Provider is a client of the Service Provider that controls an application deployed on the cloud-computing platform provided by the Service Provider.

9. The method of claim 1, where the notification comprises an F-SSO message that comprises an authentication token.

10. The method of claim 9, where the F-SSO message and authentication token are formatted as one or more SAML assertions.

11. The method of claim 1, further comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable program code in the computer system, where the computer-readable program code in combination with the computer system is configured to implement the receiving, the identifying and authenticating, the creating, the storing, the transmitting, and the redirecting.

12. A single-use SU-F-SSO system comprising a processor, a memory coupled to the processor, and a computer-readable hardware storage device coupled to the processor, the storage device containing program code configured to be run by the processor via the memory to implement a method for simulating Federated Single Sign-On (SU-F-SSO) functionality, the method comprising: the processor receiving, from an Identity Provider of an F-SSO federation, a notification that a user has submitted a single sign-on request for a secured service of a Service Provider, where an existing single sign-on authentication procedure of the Identity Provider authenticates a requestor's identity and identifies that the requestor is authorized to access the secured service by comparing information comprised by the requestor's single sign-on request with a set of trusted data retrieved from a federated server of the F-SSO federation, and where the Identity Provider, as a function of the authenticating, has previously: sent a response to the Service Provider indicating that the Identity Provider has authenticated the user, notified the processor that the Identity Provider has authenticated the user, and redirected the user to a SU-F-SSO endpoint managed by the Service Provider; the processor identifying and authenticating the user privileges as a function of the notification; the processor creating an on-demand password; the processor storing a copy of the on-demand password in an information repository secured by the Service Provider; the processor transmitting the on-demand password to the user; and the processor redirecting the user to the Service Provider's local logon portal, where the user is granted single sign-on access to multiple services of the Service Provider in response to the user's submission of the on-demand password to the local logon portal.

13. The system of claim 12, where the on-demand password is limited to a single use.

14. The system of claim 12, where the on-demand password is subject to constraints selected from a group consisting of: limiting the on-demand password to a certain number of uses; limiting the password to use during a single session of the secured service; limiting the password to use during a specified period of time; limiting the password to use during a specified period of time after the first use of the password; and requiring the user to perform an additional authentication procedure when entering the password.

15. The system of claim 12, where the on-demand password is transmitted to the user through an out-of-band communications method, and where the out-of-band communications method comprises a communication sent to a user-controlled destination that is not part of an F-SSO protocol exchange, where the out-of-band communication is selected from a group consisting of: a voice message; a fax; an SMS text message; an email message; a communication to a soc
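The flow in the abstract and in claims 1 to 3 (IdP notification, on-demand password minted and stored by the Service Provider, out-of-band delivery, local logon that matches the submitted password against the stored copy, with single-use and time-window constraints) is shown below as an added example; it is not code from the patent or its applicant. It assumes the IdP notification has already been verified (for example a SAML assertion whose signature, audience and validity window were checked) and reduced to a plain dict with `subject` and `authenticated` keys, and that the caller performs the actual out-of-band delivery and HTTP redirects; the `/local-logon` path, the class and function names and the 300-second default are all hypothetical. One deliberate departure from the claim language: where the patent stores "a copy" of the password, the example keeps only a salted hash and compares in constant time, which is what a practitioner would want in the repository.

```python
"""SU-F-SSO bridge with a constrained on-demand password (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class OnDemandRecord:
    """The stored copy of an on-demand password, kept as a salted hash."""
    user_id: str
    salt: bytes
    digest: bytes
    issued_at: float
    expires_at: float                                # claim 3: specified period of time
    max_uses: int                                    # claims 2/3: single or N uses
    uses: int = 0
    first_use_at: Optional[float] = None
    after_first_use_window: Optional[float] = None   # claim 3: period after first use


class SUFSSOBridge:
    """The 'processor' of claim 1: mints, stores and checks on-demand passwords."""

    LOCAL_LOGON_PORTAL = "/local-logon"  # hypothetical path of the SP's local logon portal

    def __init__(self, ttl: float = 300.0, max_uses: int = 1,
                 after_first_use_window: Optional[float] = None):
        self.ttl = ttl
        self.max_uses = max_uses
        self.after_first_use_window = after_first_use_window
        self._records: Dict[str, OnDemandRecord] = {}   # the SP-secured "information repository"
        self._sessions: Dict[str, str] = {}             # local session id -> user id

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # The password is random, high-entropy and short-lived, so a salted
        # SHA-256 suffices; the plaintext is never written to the repository.
        return hashlib.sha256(salt + password.encode()).digest()

    def on_idp_notification(self, notification: dict,
                            now: Optional[float] = None) -> Tuple[str, str]:
        """Handle the (already verified) IdP notification.

        Returns (password, redirect target). The password is handed back so the
        caller can deliver it out-of-band (claims 4/5); only its hash is stored.
        """
        now = time.time() if now is None else now
        if not notification.get("authenticated"):
            raise PermissionError("IdP did not assert that the user is authenticated")
        user_id = notification["subject"]
        password = secrets.token_urlsafe(24)          # 192 bits of entropy
        salt = secrets.token_bytes(16)
        self._records[user_id] = OnDemandRecord(     # replaces any earlier unused password
            user_id=user_id, salt=salt, digest=self._digest(password, salt),
            issued_at=now, expires_at=now + self.ttl, max_uses=self.max_uses,
            after_first_use_window=self.after_first_use_window)
        return password, f"{self.LOCAL_LOGON_PORTAL}?user={user_id}"

    def local_logon(self, user_id: str, password: str,
                    now: Optional[float] = None) -> Optional[str]:
        """The SP's local logon: returns a local session id on success, else None."""
        now = time.time() if now is None else now
        rec = self._records.get(user_id)
        if rec is None:
            return None
        window_closed = (rec.first_use_at is not None and rec.after_first_use_window is not None
                         and now > rec.first_use_at + rec.after_first_use_window)
        if now > rec.expires_at or window_closed:
            del self._records[user_id]                # expired: discard rather than keep checking
            return None
        if not hmac.compare_digest(self._digest(password, rec.salt), rec.digest):
            return None                               # constant-time; caller should also rate-limit
        rec.uses += 1
        if rec.first_use_at is None:
            rec.first_use_at = now
        if rec.uses >= rec.max_uses:
            del self._records[user_id]                # single-use (or N-use) budget exhausted
        session = secrets.token_urlsafe(32)
        self._sessions[session] = user_id             # one local session covers all SP services
        return session

    def user_for_session(self, session: str) -> Optional[str]:
        return self._sessions.get(session)


def demo() -> dict:
    """Walk the claim-1 flow once and exercise the constraints; returns the outcomes."""
    bridge = SUFSSOBridge(ttl=300.0, max_uses=1)
    # Constructed notification standing in for a verified SAML assertion (claims 9/10).
    note = {"subject": "alice@example.org", "authenticated": True}
    pw, redirect = bridge.on_idp_notification(note, now=1_000.0)
    out = {"redirect": redirect}
    out["wrong_password"] = bridge.local_logon("alice@example.org", "not-the-password", now=1_001.0)
    out["first_use"] = bridge.local_logon("alice@example.org", pw, now=1_002.0)
    out["reuse"] = bridge.local_logon("alice@example.org", pw, now=1_003.0)   # single use
    pw2, _ = bridge.on_idp_notification(note, now=2_000.0)
    out["expired"] = bridge.local_logon("alice@example.org", pw2, now=2_400.0)  # past the ttl
    return out


if __name__ == "__main__":
    print(demo())
```

The record is keyed by user id, so a submitted password is only ever compared against that user's own entry, and a fresh IdP notification replaces any earlier unused password rather than leaving several valid ones outstanding. The "additional authentication procedure" and "single session" constraints of claim 3 are left to the caller: the former is a second factor checked before `local_logon`, the latter a tie between the returned session id and the service session.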
CPC classification titles (fragments as extracted):
- providing single-sign-on or federations
- for controlling access to devices or network resources