I have a working SAML SSO IDP portal and struggling to get chromebooks to authenticate correctly. The SAML process DOES work so you will not need to worry about the SSO process. This is what we are seeing:
1) We turn on the Chromebook and are forwarded to our IDP (as expected) for authentication in the normal chrome "login window"
2) We authenticate against the local IDP in the login window that is provided
3) Authentication happens
4) Instead of the login window going away and a full / real browser opening on the chromebook occurs, the new page is opened in the severely limited "chromebook login" window. If we close that window, we are logged out and a new login window appears.
What we expect to happen is the login window is closed and a new browser is opened.
We believe this article has something to do with it: http://www.chromium.org/administrators/advanced-integration-for-saml-sso-on-chrome-devices
You will also need a Chromebook to do this work; it will not be provided.