I want to authenticate my GSuite users using my own .net core web application as Identity Provider.
https://support.google.com/a/answer/60224?hl=en
However, I don't know where to even start. I've been actively and diligently looking for the solution, but all of them are from commercial companies and it is a bit overkill to use their service.
A good commercial provider is: https://www.componentpro.com/products/saml
Is there a hidden-gem open source library somewhere that I missed?
I know this question is quite general but any help is much much appreciated.
SAML2 stack for .NET. To build a SAML-compliant Identity Provider for federated identity you'll need not only SAML tokens but the SAML protocol (v2 is the only one I've seen being supported by external providers like Google, Okta, Auth0, AWS Cognito and others). They all use either SAML 1.1 or 2.0 tokens from within the SAML 2.0 protocol.
From a long research (still going on) I came to only one free SAML2 library I'd trust: Sustainsys (you can find it on NuGet). It will enable SAML2 (including the protocol) on your application, perform assertion validation and all. Looks interesting but it will work only for new projects.
You can rely on two paid suites, too: ComponentPro and ComponentSpace (the last one sounds more stable/robust but it's merely a feeling, as you cannot find real proof that it has been used by all those companies on a real-world production app).
You can create a SAML2-P compliant app/module but you'll have to handle signatures, message receipt, validation, assertions and more. I'd recommend against that as it's quite easy to miss something which could later be exploited as a security breach.
SAML is not the only path here. You might give a try to OpenID Connect or WS-Federation as well. Check more on the Authentication Federation topic and you'll find other protocols. One might solve your problem more easily than SAML.
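As an added illustration of the signature handling the answer warns is easy to get wrong (this is not code from the original post, from Sustainsys or from any of the products named above), here is a C# check of the enveloped XML signature on a standalone SAML 2.0 assertion. It assumes the System.Security.Cryptography.Xml package and a pinned IdP certificate supplied by the caller; the class and method names are hypothetical.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper (not from Sustainsys or the original post): verifies the
// enveloped XML signature on a standalone SAML 2.0 <Assertion> element.
public static class AssertionSignatureCheck
{
    public static bool IsValidAssertion(string assertionXml, X509Certificate2 trustedSigner)
    {
        // PreserveWhitespace matters: canonicalization must see the bytes that were signed.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(assertionXml);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        var assertion = doc.SelectSingleNode("/saml:Assertion", ns) as XmlElement;
        if (assertion == null) return false;

        // Accept only a <ds:Signature> that is a direct child of this assertion,
        // not the first one found anywhere in the document (//ds:Signature).
        var sigNode = assertion.SelectSingleNode("ds:Signature", ns) as XmlElement;
        if (sigNode == null) return false;

        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(sigNode);

        // The signature must cover exactly this assertion: one Reference whose
        // URI is "#" + the assertion's own ID attribute, and nothing else.
        if (signedXml.SignedInfo.References.Count != 1) return false;
        var reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + assertion.GetAttribute("ID")) return false;

        // Verify with the pinned certificate; never trust a key carried in the
        // message's own <ds:KeyInfo>. verifySignatureOnly = true skips chain
        // building because trust here comes from pinning the IdP certificate.
        return signedXml.CheckSignature(trustedSigner, true);
    }
}
```

The same checks must be applied to whichever element the signature actually sits in when the assertion arrives wrapped in a <Response>; skipping any one of them is the kind of omission the answer is warning about.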