Here's how I set up FusionAuth as a SAML IdP (idp.fusionauth.io) and added a 'Login with SAML' button on a FusionAuth instance (local.fusionauth.io). Both servers are running 1.24.0. I do have multiple tenants in both local and demo, but both applications are in the default tenant. (Setting up these servers locally is possible, but beyond the scope of this post.)
- Created an RSA 256 keypair on idp.fusionauth.io in key master (saml test).
- Created an RSA public key and imported the saml test public key into key master on local.fusionauth.io.
- Added POST as an allowed CORS method in the local.fusionauth.io settings, with an allowed origin of https://idp.fusionauth.io.
- Created an application (samlsp) in local.fusionauth.io. Added an OAuth redirect URL to the application.
- Created an application (samlidp) in idp.fusionauth.io. Added an OAuth redirect URL to the application.
- Configured the samlidp application with the following values:
  - enabled SAML on the SAML tab
  - set the issuer to https://example.com
  - added an authorized redirect URL: https://local.fusionauth.io/samlv2/acs
  - set the response signing key to 'saml test'. All other response fields are default.
- Configured a SAML identity provider on local.fusionauth.io:
  - name: idpfusionauth
  - IdP endpoint: https://idp.fusionauth.io/samlv2/login/a743e2cd-55bb-789c-b076-8846fdd3a51f (pulled from the application's details screen of the samlidp application)
  - use nameid for email: true
  - verification key: use the certificate of the aforementioned saml test public key (not the public key!)
  - use post method: false
  - sign request: false
  - applications: samlsp enabled and registration enabled
- Updated the issuer on the samlidp application SAML screen. Set the issuer to https://local.fusionauth.io/samlv2/sp/dfd114b9-7b57-446d-8f60-ec6689f47da4. This value is pulled from the local.fusionauth.io SAMLv2 Identity Provider details. Note that you may need to trim this value: when you copy it there may be spaces in front of or behind it, and if you don't remove them, you'll see a "The AuthnRequest contained an invalid issuer" message.
After following these steps, when you open an incognito window and go to the login page of the samlsp application, you will see a 'login with saml' button, and you can log in with it.
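To track down the invalid issuer error mentioned in the last step, you can decode the AuthnRequest the service provider sends and compare its issuer with the value configured on the IdP. The following is an added example, not part of the original post or FusionAuth's own code. It assumes the request travels in the HTTP-Redirect binding (use post method: false) as a `SAMLRequest` query parameter; the function names are hypothetical and the sample request is constructed.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

# Values taken from the post above.
IDP_ENDPOINT = "https://idp.fusionauth.io/samlv2/login/a743e2cd-55bb-789c-b076-8846fdd3a51f"
SP_ISSUER = "https://local.fusionauth.io/samlv2/sp/dfd114b9-7b57-446d-8f60-ec6689f47da4"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_sample_url(issuer):
    """Constructed AuthnRequest, encoded the way the HTTP-Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           'ID="_constructed" Version="2.0">'
           f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>")
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{IDP_ENDPOINT}?{query}"

def issuer_from_url(url):
    """Undo URL encoding, base64 and raw DEFLATE, then read <saml:Issuer>."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15).decode("utf-8")
    node = ET.fromstring(xml).find("saml:Issuer", NS)
    return node.text if node is not None and node.text else ""

def check_issuer(configured, url):
    """Compare the issuer configured on the IdP with the one in the request."""
    sent = issuer_from_url(url)
    if configured == sent:
        return "match"
    if configured.strip() == sent.strip():
        return "whitespace mismatch"  # the copy/paste problem described in the post
    return "mismatch"

if __name__ == "__main__":
    url = build_sample_url(SP_ISSUER)
    for configured in (SP_ISSUER, f" {SP_ISSUER} ", "https://example.com"):
        print(repr(configured), "->", check_issuer(configured, url))
```

Paste the redirect URL captured from your own browser session in place of the constructed one to check a real request.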