I've answered two questions on the forums today concerning SAML 2.0 protocol stacks that people are trying to roll on their own.
Not surprisingly, they are stuck and I can pretty much guarantee that there are security holes in their solutions that you could drive a Soviet May Day parade through!
SAML is hard, security is hard, writing security software is even harder,
Please use a library e.g. SAML : SAML connectivity / toolkit