Having worked with implementing SAML for a large University-funded application, I learned more than I ever wanted to know but less than I needed to know.
This is exactly how it works every time I need to touch SAML. Spend two weeks with the Ping Identity manual, somehow get everything working, forget all about it until the next time a customer wants it :}
Ping ID is "SAML" - they actually don't comply with the spec. If you remove the Bearer element from the SAMLRequest, you should be on your way. Ask me how I know.
I see this comment often, but when I implemented SAML, the spec wasn't too unreadable... I did write my own IdP [0] instead of using something that existed though, since those were more complicated than I needed.
So maybe because I only implemented features I was using it wasn't bad. What did you struggle with?
I was in charge of a SaaS offering for Academic and Public libraries years ago, and we had to add SAML functionality for the Academic side ... it was a frustrating few weeks, and I was glad when it was over.