Minor nitpick: sign in with Google and Facebook don’t use SAML, they use OAuth and OpenID Connect. Leading with those as an example undermines the author’s later points.
But at least Google can be used as a SAML IdP for external services, which is what I think the author meant.
mariusor|4 years ago
SAML, as far as I know, doesn't specify how exactly an identity provider authenticates a user but only how, once a user is authenticated, the user has a specific "identity" in the context of the service provider that initiated the authorization/authentication process. Therefore the authentication mechanism on Google/Facebook's side can be OAuth or something else, but once completed, the mechanism to convey the identity of the user to the originating service is SAML.