Tags: saml, saml-2.0, okta, onelogin, idp

Adding minimal SAML support for ISV


We are an ISV building an enterprise SaaS product. We would like to enable our customers to define their IDP SAML configuration. We are a startup and would like to keep our SAML support as lean as possible.

1. What is the minimal configuration needed to support the major IDPs?

After reading Okta's article, I understand that:

  • Certificate
  • IDP Sign-in URL

are a must. Say that we use a single ACS endpoint (we will implement our own logic by looking at the SAML assertion). Is there anything else mandatory?

What about bindings? Do all major IDPs support HTTP redirect?

2. What needs to be defined on the IDP side?

We tend to use the HTTP redirect binding; should it work with most IDPs? Is a metadata endpoint important?


Solution

As for "what is required": in many cases, you will have to generate a so-called "metadata.xml" file to provide the information to the vendor, so that they can set up a testing environment for you. I've implemented about 5 SAML integrations with different vendors so far. The truth is that not all of them require the full-fledged SAML 2.0 standard, but some of them do. I think my article should also be helpful to you (https://dev.to/optiklab/working-example-of-saml-single-sign-on-integration-using-c-39mb), and my open-sourced SAML integration project (https://github.com/optiklab/SAML-integration-utilities) contains both a metadata file generator and C# examples for forming both SAML responses and assertions. They proved to be working with many vendors, like Ping Identity, etc.

Let me know if you have more specific questions.
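The pieces the question asks about (a per-customer IdP signing certificate and sign-in URL, one ACS endpoint, an SP metadata.xml for the IdP admin, an AuthnRequest sent over the HTTP-Redirect binding) together with the checks that "our own logic by looking at the SAML assertion" has to perform, as an added example that is not part of the question, the answer, or the linked SAML-integration-utilities project. It is Python using only the standard library. The SP entityID, the ACS URL, the customer IdP values and the sample Response are constructed for the example; XML signature verification over the Response/Assertion, which must succeed before any of these checks are worth running, is left to an XML-DSig library such as xmlsec.

```python
import base64, uuid, zlib
import datetime as dt
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": NS_SAMLP, "saml": NS_SAML}
BIND_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TS = "%Y-%m-%dT%H:%M:%SZ"
# Hypothetical SP identity; the values only have to match what the SP metadata says.
SP_ENTITY_ID = "https://app.example.com/saml/metadata"
SP_ACS_URL = "https://app.example.com/saml/acs"

@dataclass(frozen=True)
class IdpConfig:
    entity_id: str         # value of <Issuer> the IdP puts in its Response/Assertion
    sso_url: str           # IdP sign-in URL (SingleSignOnService)
    signing_cert_pem: str  # consumed by the XML-DSig check, which is not done here

def sp_metadata_xml() -> str:
    """SP metadata.xml the customer's IdP admin imports (Okta, OneLogin, ...)."""
    ET.register_namespace("md", NS_MD)
    ed = ET.Element(f"{{{NS_MD}}}EntityDescriptor", entityID=SP_ENTITY_ID)
    sp = ET.SubElement(ed, f"{{{NS_MD}}}SPSSODescriptor", protocolSupportEnumeration=NS_SAMLP,
                       AuthnRequestsSigned="false", WantAssertionsSigned="true")
    # One ACS endpoint. The IdP delivers the Response by HTTP-POST; HTTP-Redirect is SP -> IdP only.
    ET.SubElement(sp, f"{{{NS_MD}}}AssertionConsumerService", Binding=BIND_POST,
                  Location=SP_ACS_URL, index="0", isDefault="true")
    return ET.tostring(ed, encoding="unicode")

def build_authn_request(idp: IdpConfig, now=None):
    """Return (request_id, xml); store request_id so InResponseTo can be checked later."""
    now = now or dt.datetime.now(dt.timezone.utc)
    req_id = "_" + uuid.uuid4().hex
    ET.register_namespace("samlp", NS_SAMLP)
    ET.register_namespace("saml", NS_SAML)
    req = ET.Element(f"{{{NS_SAMLP}}}AuthnRequest", ID=req_id, Version="2.0",
                     IssueInstant=now.strftime(TS), Destination=idp.sso_url,
                     ProtocolBinding=BIND_POST, AssertionConsumerServiceURL=SP_ACS_URL)
    ET.SubElement(req, f"{{{NS_SAML}}}Issuer").text = SP_ENTITY_ID
    return req_id, ET.tostring(req, encoding="unicode")

def redirect_url(idp: IdpConfig, authn_xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE -> base64 -> URL-encode as the SAMLRequest parameter."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, no zlib header/checksum
    raw = c.compress(authn_xml.encode()) + c.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode()})
    return idp.sso_url + ("&" if "?" in idp.sso_url else "?") + query

def decode_saml_request(url: str) -> str:
    """Inverse of redirect_url; handy when an IdP rejects the request."""
    data = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return zlib.decompress(data, -15).decode()

def parse_ts(s: str) -> dt.datetime:
    return dt.datetime.fromisoformat(s.replace("Z", "+00:00"))

def response_problems(response_xml: str, idp: IdpConfig, expected_req_id: str, now=None,
                      skew=dt.timedelta(minutes=2)) -> list:
    """Checks to run AFTER the XML signature has been verified with idp.signing_cert_pem."""
    now = now or dt.datetime.now(dt.timezone.utc)
    root, problems = ET.fromstring(response_xml), []
    if root.get("InResponseTo") != expected_req_id:
        problems.append("InResponseTo does not match a request we issued")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("Status is not Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        return problems + ["no plaintext Assertion (EncryptedAssertion not handled here)"]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != idp.entity_id:
        problems.append("Assertion Issuer is not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and parse_ts(nb) - skew > now) or (noa and parse_ts(noa) + skew <= now):
            problems.append("assertion outside its NotBefore/NotOnOrAfter window")
        aud = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if aud and SP_ENTITY_ID not in aud:
            problems.append("Audience does not include our entityID")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, SP_ACS_URL):
        problems.append("Recipient is not our ACS URL")
    return problems

def constructed_response(req_id: str, issuer: str, now: dt.datetime) -> str:
    """Constructed, UNSIGNED sample Response used only to exercise response_problems."""
    nb, noa = (now - dt.timedelta(minutes=1)).strftime(TS), (now + dt.timedelta(minutes=5)).strftime(TS)
    return (f'<samlp:Response xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" ID="_r1" Version="2.0"'
            f' IssueInstant="{now.strftime(TS)}" InResponseTo="{req_id}" Destination="{SP_ACS_URL}">'
            f'<saml:Issuer>{issuer}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/>'
            f'</samlp:Status><saml:Assertion ID="_a1" Version="2.0" IssueInstant="{now.strftime(TS)}">'
            f'<saml:Issuer>{issuer}</saml:Issuer><saml:Subject><saml:NameID>alice@customer.example'
            f'</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
            f'<saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" InResponseTo="{req_id}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{nb}"'
            f' NotOnOrAfter="{noa}"><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
```

The flow is: hand the customer `sp_metadata_xml()`, store their certificate, sign-in URL and entityID in an `IdpConfig`, send the browser to `redirect_url(...)`, and on the POST to the ACS verify the signature with the stored certificate first, then run `response_problems` with the request ID you persisted. The order matters: every check in `response_problems` reads attacker-controllable XML, so none of them mean anything until the signature over that XML has been validated against the customer's certificate, not against whatever certificate the Response happens to embed. A production ACS also records seen assertion IDs for the NotOnOrAfter window to stop replay.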