What is the point of OpenSAML? Any alternative?


As you can read at https://wiki.shibboleth.net/confluence/display/OpenSAML/Home

OpenSAML is a library to handle the low-level SAML protocol stuff. It's not an IdP. An IdP also has to provide you with means for authentication, potentially user profile management.

There are many SAMLv2 IdPs available, like Shibboleth, JBoss PicketLink, ForgeRock OpenAM, Ping Federate; some are free of charge, some are commercial.

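The answer above says OpenSAML handles the low-level protocol pieces and nothing more. The following Java snippet is an added illustration of what that means in practice; it is not part of the original page and not code from the OpenSAML project. It is written against the OpenSAML 4 API (opensaml-core, opensaml-saml-api, opensaml-saml-impl and opensaml-xmlsec-impl on the classpath): every element is created through a builder keyed by its QName, marshalling to XML is an explicit step, and checking that a received message was signed with a key the peer published in its metadata is something you wire together yourself from the library's validators. The entity ID, endpoint URL and class name are assumptions made for the example.

```java
import java.io.StringWriter;
import java.security.cert.X509Certificate;
import javax.xml.namespace.QName;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.w3c.dom.Element;

public class OpenSamlLowLevelDemo {

    // Hypothetical identifiers, assumed for this example only.
    static final String ENTITY_ID = "https://idp.example.org/saml";
    static final String SSO_URL = "https://idp.example.org/saml/sso";

    /** Every OpenSAML element is created through a builder looked up by its QName. */
    @SuppressWarnings("unchecked")
    static <T> T build(QName name) {
        return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(name).buildObject(name);
    }

    /** Minimal IdP metadata: one IdP role, one SSO endpoint, AuthnRequests must be signed. */
    static EntityDescriptor buildIdpMetadata() {
        EntityDescriptor entity = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entity.setEntityID(ENTITY_ID);

        IDPSSODescriptor idp = build(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        idp.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        idp.setWantAuthnRequestsSigned(true);

        SingleSignOnService sso = build(SingleSignOnService.DEFAULT_ELEMENT_NAME);
        sso.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
        sso.setLocation(SSO_URL);
        idp.getSingleSignOnServices().add(sso);

        entity.getRoleDescriptors().add(idp);
        return entity;
    }

    /** Serialisation is explicit too: object graph -> DOM -> text. */
    static String toXml(EntityDescriptor entity) throws Exception {
        Element dom = XMLObjectProviderRegistrySupport.getMarshallerFactory()
                .getMarshaller(entity).marshall(entity);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(dom), new StreamResult(out));
        return out.toString();
    }

    /**
     * What a decoder does NOT do for you: confirm the message was signed with a key the peer
     * published. The profile validator rejects structurally unsafe signatures (e.g. a Reference
     * that does not cover the signed element); SignatureValidator then checks one credential.
     */
    static void verifySignatureAgainstMetadata(SignableSAMLObject message, RoleDescriptor peer)
            throws Exception {
        Signature sig = message.getSignature();
        if (sig == null) {
            throw new SecurityException("message is not signed");
        }
        new SAMLSignatureProfileValidator().validate(sig);
        for (KeyDescriptor kd : peer.getKeyDescriptors()) {
            if (kd.getUse() == UsageType.ENCRYPTION) {
                continue; // only signing (or unspecified-use) keys may vouch for a message
            }
            for (X509Certificate cert : KeyInfoSupport.getCertificates(kd.getKeyInfo())) {
                try {
                    SignatureValidator.validate(sig, new BasicX509Credential(cert));
                    return; // verified with a key the peer published in its metadata
                } catch (SignatureException e) {
                    // wrong key for this signature; try the next published certificate
                }
            }
        }
        throw new SecurityException("no signing key in the peer's metadata verifies this message");
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // registers builders, marshallers and unmarshallers
        System.out.println(toXml(buildIdpMetadata()));
    }
}
```

Running `main` prints the `EntityDescriptor` XML; the roughly ten lines needed for a handful of elements are exactly the experience the question describes. `verifySignatureAgainstMetadata` is the piece a hand-rolled IdP most often gets wrong: the decoder hands back a typed object, but nothing checks the signature unless you call the validators, and a key found in the message's own `KeyInfo` must never be trusted in place of one from metadata. For production use OpenSAML also provides `MetadataCredentialResolver` and `ExplicitKeySignatureTrustEngine`, which do the same lookup against a managed metadata source; the manual loop here is only to make the trust decision visible.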
Author: sjahan
Fullstack developer, mainly on Kotlin/Java (Spring Boot and co, Tomcat, Maven, etc.) and on JavaScript (Node.js, Angular 1/2-4, React, Webpack/FuseBox and stuff)!

Updated on July 27, 2022

Comments

  • sjahan, almost 2 years

    I'm currently working on setting up a SAML IDP. At first, I thought spring-security-saml would help me, but I figured out that it only helps with setting up the SP side of the SAML protocol.

    So I thought: let's go, let's use OpenSAML to make it.

    And here comes the question: what does that library actually do? I understand this is a low-level library, but I don't get what the point of it is. I can find neither a good tutorial nor documentation, and I feel like I just bought some IKEA furniture without the screws and without the manual.

    Although I saw a lot of interesting stuff like the decoders (HTTPPostDecoder), which get me a SAML object from an HTTP request, I don't know whether I should manually check this object against the IDP metadata or whether OpenSAML can check it automatically (I assume it cannot).

    From there, I'm kind of lost in all these OpenSAML objects, I don't know which ones I should use and which ones I don't have to.

    Just for instance, I tried to generate metadata from scratch, but I didn't find any default configuration that I could use out of the box, and I ended up with just one XML tag for 10 lines of code, so I don't get what the real value of this library is.

    Could someone enlighten me about what OpenSAML does and does not do? Is there some good practice, a helper library that could wrap it and actually help me (or any alternative), or a good tutorial that I haven't found yet? I think this definitely does something, but I can't get what and how...

    Thank you in advance for your help!

  • sjahan, about 8 years
    Thank you for your answer. I figured out that it was really low-level. It would not bother me to use it if the documentation was a little bit more end-user friendly. I basically know three of the IDPs you mentioned. OpenAM is excluded: I work with it and I really hate the way it is developed. Ping is commercial, so it's excluded too. I tried to take a peek at Shibboleth; we'll see. Do you think I can just reuse the SAML part to integrate it into my IDP? I also started to look at the SAML part of the CAS server, which could be a good lead!
  • Bernhard Thalmayr, about 8 years
    Shibboleth can act as a SAMLv2 IdP ... if you mean this by "reuse the SAML part to integrate it into my IDP".
  • sjahan, about 8 years
    Well, what I want in the end is a single application, so I'd like to be able to embed the Shibboleth IDP into my application and not have to install it alongside my application.
  • Bernhard Thalmayr, about 8 years
    I'm sorry, but I do not get the use case. IdP and SP delivered by the same app?
  • sjahan, about 8 years
    Nope, just the IDP. I just want it to be inside my application and not have to install a standalone IDP.