Is SAML 2.0 capable of storing all the users that are accessing my REST API, so that I can keep track of the people that are entering my API? For example, if I want to know who accessed my API yesterday.
SAML is only the format in which your users' information arrives. e.g. using the examples, the following is how a user may be represented in SAML:
<saml:AttributeStatement>
    <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>
The uid attribute would be their username, along with their email address in the mail attribute. eduPersonAffiliation says what relationship they have to their organisation. In this case they are a user with a role of examplerole1 in their own organisation.

SAML does not record this beyond delivering it to your API. It would be up to you to extract these attributes and create your own auditing system from them.

A lot of SAML Identity Providers (IdP) release eduPerson attributes. The latest schema is here.