Is samlify IdP suitable for use in production? #525

Open
agt-ru opened this issue Sep 21, 2023 · 3 comments

Comments

@agt-ru

agt-ru commented Sep 21, 2023

Hi, @tngan and the samlify community.
I already have an auth service written in NestJS where users can sign up and sign in, recover their passwords and verify an email. All the credentials are stored in MongoDB, and a session is created by putting JWT in a user's browser cookie.
But now, in order to be able to provide users with a single sign-on to an external Support Desk application, I need a SAML IdP.
Is samlify IdP ready to use in production?
How long do you think it would take to make it fully work?
Is this project actively supported or is it just a side-project more to test SAML?
I only know of one other good alternative to it - and it's Keycloak. I haven't used it, though.
Or maybe it's better suited for production? How would you compare the time and resources needed to either integrate samlify or Keycloak into an existing auth service, or maybe to completely replace it?
Or maybe it all needs a dedicated team of security and IAM professionals to manage, and it's better to stick to a SaaS like FusionAuth or Auth0?
The only kind-of tutorial I found for samlify is a comment in this discussion: #447
Maybe someone knows an article, how-to or example to better understand building an IdP with samlify?
I also wanted to ask: when working with samlify/Keycloak and thus developing an IdP, do I need to read a great number of docs on the OASIS site on SAML? Or is that only for those developers who make something really custom and low-level?
Thanks in advance.

@tngan
Owner

tngan commented Sep 22, 2023

@agt-ru The IdP part of samlify only caters to the most common use case. We have provided functions to help parse and construct the response, which are customizable and low level. Samlify is just a library helping you to construct the SAML request and response, performing parsing, signing and encryption in different protocol bindings.

@agt-ru
Author

agt-ru commented Sep 25, 2023

@tngan thanks for the quick reply.
Can you list some production features that are out of the scope of samlify?
I did implement a simple test app and created an IdP and an SP with samlify that speak with each other.
Can it be enough for a production app if I sign and encrypt a response?
I am especially interested in this one aspect - provisioning. I need to somehow create users with a specific email in an external Support Desk SP which I am about to connect to my Auth Service (which I'm gonna make an IdP with samlify). Is that a whole other big feature that is hard to implement?
I like samlify because it is easy to integrate into an existing app and I won't need to mess with the DB (say, migrate it). For example, I skimmed through the Keycloak docs and they say that one uses an existing DB with users (no migration), but they do not even support Mongo, so it seems to be a big deal.
Still, would you recommend sticking to Keycloak if I'm the only developer for this SSO task and need to deliver a working solution in, say, two weeks to a month? Or would even this take longer?

@tngan
Owner

tngan commented Sep 28, 2023

Yes, if you have signature and encryption, it should be enough for production, and make sure you are using https.

The IdP-related functions provided in samlify only handle the SAML part. This library does not have any restriction on the source of auth information (e.g. user email, role, id, etc.), so you need to fetch it yourself from the persistence layer (e.g. ADFS, DB, etc.) before you construct the SAML response.
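
The glue described in the two answers above (look the already-authenticated user up in your own store, refuse to assert an identity that should not be asserted, gate on signing, encryption and HTTPS, then hand the result to samlify), as an added example that is not part of this thread or of samlify's code. Assumptions not stated in the issue: samlify's IdentityProvider exposes `createLoginResponse(sp, requestInfo, binding, user)` and uses `user.email` as the NameID; the IdP settings object carries `privateKey`, `isAssertionEncrypted` and `encPrivateKey`; the `attributes` field is a hypothetical shape consumed by your own attribute template, not a samlify contract. The in-memory Map stands in for the MongoDB collection from the original post.

```javascript
// Added example: IdP-side glue around samlify, not samlify's own code.
// The library builds, signs and encrypts the SAML Response; everything about
// *who* is logging in must come from your own persistence layer.

// Constructed sample records standing in for the MongoDB users collection.
const usersCollection = new Map([
  ['alice@example.com', { _id: 'u1', email: 'alice@example.com', emailVerified: true, roles: ['agent'], disabled: false }],
  ['bob@example.com',   { _id: 'u2', email: 'bob@example.com',   emailVerified: false, roles: [],        disabled: false }],
  ['carol@example.com', { _id: 'u3', email: 'carol@example.com', emailVerified: true, roles: ['admin'], disabled: true }],
]);

// Production-readiness gate mirroring the maintainer's answer:
// signed response, encrypted assertion, HTTPS assertion consumer URL.
// Field names (privateKey, isAssertionEncrypted, encPrivateKey) are assumed
// to match the samlify IdP settings object. Throws on the first missing control.
function assertProductionReady(idpConfig, spAcsUrl) {
  if (!idpConfig.privateKey) {
    throw new Error('IdP signing key missing: responses would be unsigned');
  }
  if (idpConfig.isAssertionEncrypted !== true || !idpConfig.encPrivateKey) {
    throw new Error('assertion encryption disabled: attributes would cross the browser in clear');
  }
  let acs;
  try {
    acs = new URL(spAcsUrl);
  } catch {
    throw new Error('SP ACS URL is not a valid URL');
  }
  if (acs.protocol !== 'https:') {
    throw new Error(`SP ACS must be https, got ${acs.protocol}`);
  }
  return true;
}

// Map the session's authenticated principal (the subject of your JWT cookie)
// to the object samlify expects. Nothing here authenticates; it only decides
// whether, and with which attributes, the IdP will assert this identity.
function buildSamlUser(sessionEmail) {
  const record = usersCollection.get(String(sessionEmail).toLowerCase());
  if (!record) throw new Error('authenticated subject not found in user store');
  if (record.disabled) throw new Error('account disabled: refuse to assert identity');
  if (!record.emailVerified) throw new Error('email not verified: refuse to use it as NameID');
  return {
    email: record.email,   // assumed to become the NameID in samlify's default template
    attributes: {          // hypothetical shape for your own attribute template
      uid: record._id,
      role: record.roles.join(','),
    },
  };
}

// One SSO request end to end. `idp` and `sp` are the samlify objects, injected
// by the caller so this module can be exercised without the library installed.
// Returns whatever createLoginResponse returns (a Promise in the real library).
function handleSsoRequest({ idp, idpConfig, sp, spAcsUrl, requestInfo, sessionEmail }) {
  assertProductionReady(idpConfig, spAcsUrl);
  const user = buildSamlUser(sessionEmail);
  // samlify does the SAML work: template fill, signing, encryption, POST binding.
  return idp.createLoginResponse(sp, requestInfo, 'post', user);
}
```

The checks run before any SAML is produced, so a misconfigured deployment (unsigned responses, plaintext assertions, an `http://` ACS) fails closed at the first login attempt rather than silently issuing weak assertions; the disabled/unverified refusals are the provisioning boundary the original poster asked about, enforced on the IdP side.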
