Currently, SAML settings are configured through settings files. The actual settings should be moved to the database and configurable via the regular Xibo web interface.
Along with this, there should be an optional setting to allow admins to use the normal login page for local accounts even after SAML is deployed. Why? Because if SAML breaks, admins need to be able to fix it. However, require a query string containing a random 64-character variable to access the local login page. Example:
The admin would need to bookmark this address for emergencies.
We are making these suggestions because we recently signed up for Xibo Cloud and, when we implemented SAML, we had to go through Xibo support to implement the settings. This is highly unusual nowadays. Most SaaS providers implement SAML as a self-service option to (a) reduce support costs and (b) allow admins to make changes to the settings as needed so admins can experiment.