SAML (Security Assertion Markup Language) is a legacy protocol that enables identity federation between an identity provider (IdP) and a service provider (SP). Implementing SAML from scratch can be challenging due to its complexity, ambiguity, and security pitfalls. The protocol's reliance on XML signatures, combined with IdP-specific quirks and well-known security weaknesses, makes implementations error-prone and costly to maintain. Common mistakes include trusting the wrong signature (for example, a valid signature over an element other than the assertion actually consumed), skipping audience validation, improper XML parsing, and assuming IdP metadata never changes. To avoid these pitfalls, it is recommended to offload SAML implementation to a provider that can handle the complexity, such as WorkOS, which normalizes differences across identity providers and handles edge cases through a single, unified API.
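The checks an SP must make on an inbound SAML Response, shown as an added example (not code from the page or from WorkOS): it rejects DTD/entity declarations before parsing, insists on exactly one Assertion anywhere in the document, binds the Signature's Reference URI to the ID of the assertion that is actually consumed, and enforces Issuer, time window and Audience. The sample response, entity IDs and clock values are constructed; the signature is a placeholder, and cryptographic verification of it is assumed to be delegated to an XML-DSig library (it is not performed here).

```python
"""Structural and semantic validation of a SAML 2.0 Response (constructed example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample response; hostnames, IDs and SignatureValue are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


class SamlValidationError(Exception):
    """Raised when the response must be rejected."""


def utc_time(value):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' form used in SAML timestamps."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, expected_issuer, expected_audience, now,
                      clock_skew=timedelta(seconds=60)):
    """Return the asserted NameID, or raise SamlValidationError.

    Assumes the XML-DSig signature itself is verified separately by a proper
    library against the IdP's current metadata certificate; this function only
    checks that the signature covers the assertion being consumed.
    """
    # Coarse parser hardening: SAML never needs a DTD, so refuse one outright
    # instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise SamlValidationError("DTD or entity declaration present")

    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("root element is not samlp:Response")

    # Exactly one Assertion, and it must be a direct child: an extra assertion
    # tucked elsewhere in the tree (e.g. inside the Signature) is rejected.
    direct = root.findall("saml:Assertion", NS)
    anywhere = root.findall(".//saml:Assertion", NS)
    if len(direct) != 1 or len(anywhere) != 1:
        raise SamlValidationError("expected exactly one saml:Assertion")
    assertion = direct[0]

    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SamlValidationError("unexpected Issuer")

    # Bind the signature to the consumed assertion: the Reference URI must be
    # the assertion's own ID, so a signature over some other element is not trusted.
    signature = assertion.find("ds:Signature", NS)
    reference = None if signature is None else signature.find("ds:SignedInfo/ds:Reference", NS)
    if reference is None or reference.get("URI") != "#" + (assertion.get("ID") or ""):
        raise SamlValidationError("signature does not reference the consumed assertion")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise SamlValidationError("missing Conditions")
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + clock_skew < utc_time(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= utc_time(not_on_or_after):
        raise SamlValidationError("assertion expired")

    # Audience restriction: the assertion must name this SP explicitly.
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise SamlValidationError("audience mismatch")

    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, "https://idp.example.test/metadata",
                            "https://sp.example.test/saml/metadata",
                            utc_time("2024-01-01T00:01:00Z")))
```

The metadata pitfall from the text is reflected in the docstring rather than the code: the certificate used to verify the signature must be looked up from the IdP's current metadata at validation time, not baked in when the integration was first configured.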