docs: custom SP

README.md

@@ -35,7 +35,7 @@ If neither of these previously mentioned endpoints are available, we can try to
 
 * a generic template which will assume that the button is on the home page ("/") and it has the words "log in" or "sign in" on it, and it is a link which will directly select the conformance IdP
   * this can be further extended to be able to bypass well-known discovery services by performing the selection of conformance IdP on the DS (only applicable if the conformance IdP is going to be in the DS)
-* a SP-specific template for SP-specific behavior
+* a SP-specific (or SP software-specific) template for SP-specific behavior
 
 ## Requirements
 
@@ -135,6 +135,17 @@ where
 * `<workflow_name>` is either `saml-request-init` for request initiation endpoint or `saml-discovery-response` for discovery response endpoint
 * `https://sp.example.com/` is the address of a (potential) SP server (only the domain is relevant)
 
+### SP (software)-specific template
+
+To test a service provider which does not provide the previously mentioned endpoints,
+create a copy of `saml-raw-all.yaml` or `saml-headless-all.yaml` and instead of the IdP-initiated login,
+perform the SP-specific action. If you need to run Javascript, click a button etc., you might need the headless
+version; otherwise the raw version is preferred.
+
+More information on writing templates for [HTML raw](https://docs.projectdiscovery.io/templates/protocols/http/raw-http)
+and [headless](https://docs.projectdiscovery.io/templates/protocols/headless) nuclei protocols is available
+in the official documentation.
+
 ## Current limitations
 
 * templates are only usable with the conformace IdP