I don't know a lot of security engineers that agree, and while (as a SAML implementor) I have my own opinion, "don't do new SAML implementations" is mostly me parroting what I think is the consensus.

I think... it probably is as cut and dry as I'm suggesting.