SAML is simple enough in concept (I as SP don't know who you are, but I am configured to trust IdP, so if you can get a signed document from IdP saying "the bearer of this document is X", then I'll trust that), but XML canonicalization and signing is a pain to get right, validation has a number of gotchas, the standard has too many optional parts and is too configurable, and it's difficult to test conformance. Having implemented both SPs and IdPs before, gotten them wrong in a few subtle but dangerous ways before getting them right, and having had to test against a variety of IdPs and SPs before determining that it was mostly compatible after adding a bunch of IdP-specific configuration parameters, I don't recommend SAML 2.0 itself if it can be avoided.
OIDC isn't perfect, but it is much better. The entire assertion is a JSON Web Signature, so there's no opportunity for ambiguous extra unsigned data and the canonicalization is dead simple (UTF8 base64 URL of bytes). Fewer optional components. Smaller message sizes.
Edit: if you need a SAML IdP for your organization, I had great experiences with Okta. Ping was opaque, less flexible, and overly complex. Didn't do the configuration side of ADFS, but it wasn't particularly hard to communicate with.
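The point about the JWS signing input, as an added example that is not part of the original comment: a minimal HS256 compact-JWS verifier using only the Python standard library, which checks the signature over the exact received bytes before parsing any JSON. The key, claims and function names are constructed for illustration; OIDC ID tokens are commonly signed with RS256, and a relying party must also validate `iss`, `aud`, `exp` and `nonce`.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-secret"  # constructed sample key, not a real secret

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS. The MAC covers the literal ASCII bytes
    'b64url(header).b64url(payload)'; there is no canonicalization step."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode("utf-8"))
    payload = b64url_encode(json.dumps(claims).encode("utf-8"))
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256)
    return f"{header}.{payload}.{b64url_encode(mac.digest())}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims, or raise ValueError. Every failure path raises."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts

    # 1. Verify over the bytes as received. Nothing is parsed or normalized
    #    first, so there is no second interpretation of the signed data.
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    # 2. Pin the algorithm; never let the token choose how it is verified.
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    # 3. The claims come from the same segment that was just authenticated.
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "iss": "https://idp.example"}, KEY)
    print(verify_hs256(token, KEY))
```

Re-serializing the same claims with different whitespace yields a different payload segment and fails verification, which is the intended behavior: the signature binds bytes, not a normalized document.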