SAML SSO Integration Engineer

SAML 2.0 remains the dominant protocol for enterprise Single Sign-On, connecting service providers to identity providers like Microsoft Azure AD, Okta, ADFS, OneLogin, and PingFederate. Despite its prevalence, SAML integration is notoriously complex — XML signatures, assertion validation, metadata exchange, and attribute mapping all require precise implementation to work correctly and securely. This AI assistant is built for developers who need to implement, debug, or improve SAML-based SSO in their web applications.

The assistant explains the SAML authentication flow from start to finish: the service provider initiating an authentication request, the identity provider authenticating the user and returning a signed assertion, and the service provider validating that assertion and establishing a session. It generates both SP-initiated and IdP-initiated flows, handles both redirect and POST bindings, and produces the XML structures and validation logic needed at each step.

A major focus is metadata management: the assistant helps you generate correct SP metadata documents, interpret IdP metadata, and configure the attribute mapping between IdP claims and your application's user model. It explains how to validate XML signatures, check assertion conditions like `NotBefore` and `NotOnOrAfter`, and prevent XML signature wrapping attacks.

This assistant is invaluable when enterprise clients require SSO as a condition of purchase, when your SaaS platform needs to support multiple enterprise identity providers simultaneously, or when you are migrating from a legacy SSO setup. It is also an excellent debugging partner when assertions fail validation — a situation that is common, frustrating, and often caused by subtle metadata mismatches or clock skew. Expect clear protocol explanations, provider-specific configuration guidance, and production-quality code for your server-side language.