Yannick,
Glad to hear the commonality in thought/direction! For the scenario I was talking about, we recommended they use SiteMinder, CA's SSO & IAM (Identity Access/Mgmt) tool. It's a great solution for their problem b/c of the maturity model they could grow into using this tool. They could just use it for SAML/SSO to satisfy their current project need (they had a proprietary user store to integrate with) and then as their use cases matured they could extend the use of SiteMinder into full IAM for this external user base down the road.
For what it's worth, we've done SSO/IAM product evaluations in the past, ironically driven by API strategy engagements. And before we were even affiliated with CA as a solution provider partner, SiteMinder held the #1 spot in our recommendation.
To answer the other part of your question, we're a .NET shop and we've also implemented a somewhat custom SAML provider for a group that needed a quick (i.e. short-term) answer and didn't want to pay for a boxed SSO solution until the following fiscal year. For that project, we ended up using Thinktecture's open source Identity Server solution (a framework that plugs into .NET) which gave us a big head start on all the identity server functionality that we could then just customize from there.
- Chase Fryer