by rmrfchik 700 days ago
Implemented SAML SSO last month. SAML protocol and formats look so fragile and confusing. XML looks outdated in modern days and XML signatures/encryption are hard. The protocol requires deflated base64 at some step, but you can't inflate/deflate easily with CLI tools. At another step only base64 is required (why?). It all seems error-prone and inconsistent. And I feel it can be done much much much simpler.

Yeah, I won't dispute this at all. I've spent a fair amount of time forcing myself to develop expertise in SAML ... and it kind of sucks.

Any chance you'd share which libraries you used, if any? I'm really trying hard to compile resources that make SAML SSO less of a nightmare, and part of that effort involves tracking down bad documentation.

I used onelogin's java-saml-toolkit. But at first I reproduced the whole process by hand until I grokked it. And then I hated it. To be honest, it's not such a pain in the ass.
I've used Passport SAML for Node - https://github.com/node-saml/passport-saml
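
The two encodings the first comment describes correspond to SAML's HTTP-Redirect binding (raw DEFLATE, then base64, then URL-encoding) and HTTP-POST binding (base64 only). The Python sketch below is an added example, not code from this thread or from any library mentioned in it; the function names, the size limit and the sample request are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import unquote

MAX_XML_BYTES = 1 << 20  # assumed cap on inflated size (guards against deflate bombs)

# Constructed sample message, not taken from any real IdP or SP.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)

def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = headerless stream
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def encode_post(xml: str) -> str:
    """HTTP-POST binding: base64 only, no compression."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def decode_saml(value: str, url_encoded: bool = False) -> tuple[str, str]:
    """Return (binding, xml) for a SAMLRequest/SAMLResponse parameter value.

    For inspection only: nothing here verifies an XML signature.
    """
    if url_encoded:
        value = unquote(value)
    # Form-posted base64 may be line-wrapped; drop whitespace, then be strict.
    raw = base64.b64decode("".join(value.split()), validate=True)
    # Heuristic: un-deflated XML starts with '<' after optional whitespace.
    if raw.lstrip()[:1] == b"<":
        return "post", raw.decode("utf-8")
    inflater = zlib.decompressobj(wbits=-15)
    xml = inflater.decompress(raw, MAX_XML_BYTES)
    if not inflater.eof:
        raise ValueError("deflate stream truncated or larger than MAX_XML_BYTES")
    return "redirect", xml.decode("utf-8")

if __name__ == "__main__":
    for encoded in (encode_post(SAMPLE_REQUEST), encode_redirect(SAMPLE_REQUEST)):
        binding, xml = decode_saml(encoded)
        print(binding, len(encoded), xml[:40])
```

The `wbits=-15` argument is the detail that trips up general-purpose tools: utilities that expect a zlib or gzip header reject the headerless stream used by the Redirect binding.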