[jarvuschris]

Just do it and see what happens ¯\_(ツ)_/¯

Most certainly use a library at least for building and parsing messages. All the complexity is in figuring out how to use your particular library and figuring out any quirks in the systems your connecting re: what fields and formats they expect. It's not really something you can read up on and then know before you start

[zrail]

This is 100% my experience as well as a SAML SP. After the first few customers onboarding largely consisted of certificate exchanges and figuring out where the IdP put the fields we needed. Before that there was s lot of development to add those configuration knobs.

[mcguire]

XML encryption is weird. Some IdPs can handle the official "Encryption inside an XML doccy" thing, but others only like XML, encrypted.