SAML Single Sign-On (SSO) Service for Google Apps

Ocean10000

4:14 pm on Jul 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I was asked recently to evaluate whether to implement an SSO using SAML, using the existing employee website's login credentials so they can be used on the premium Google Apps. The purpose is to reduce the number of user names/passwords our employees are required to remember and update every month.

  1. Has anyone tried to implement an SSO using SAML which is compatible with Google Apps?
  2. What kind of problems should I be expecting to run into?
    • security
    • integration
    • setup
    • maintenance


If I go forward I will be coding in C#. I don't know if I will use MVC or a standard form-based web interface for this project at this point. So any advice will be welcomed.

References
SAML Single Sign-On (SSO) Service for Google Apps [code.google.com]
SAML OASIS Standard [saml.xml.org]

coopster

2:50 pm on Jul 20, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I've been through exactly where you are right now, but was never contracted to fulfill the estimate ... so this may not be very helpful. I'll speak a little Apache here because I am not familiar with IIS, but I know you are bright enough to cross-reference.

SAML is going to be your biggest burden. The analysis, design, development, testing and implementation will be the most complex portion of the project. If the project requires a separate subdomain or particular Apache alias and configuration directives, you'll have to plan for that as well (virtual host container configurations, etc.). And if this is indeed the case, don't forget to plan DNS updates.

Creating the data elements and structuring the XML request should be fairly straightforward and least demanding, technically speaking. Encrypting it and formatting the signature is a bit more advanced as is following and applying the XML standards for these tasks, but not too far out of reach for a tech-savvy developer.

Encryption should be straightforward too, but throw in a few extra hours, anticipating bumps in the road as is often the case when dealing with encryption. You'll need to set up the keys and key management.




I've written a number of SSO services. My least favorite has been the SiteMinder Apache module integration. My favorite was custom code with custom encryption.
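The signing step discussed in the post above, as an added example that is not part of the thread and is not Google's sample code: it signs a trimmed SAML response with an enveloped XML signature and shows that verification fails once the signed content is altered. It assumes a current .NET runtime with the System.Security.Cryptography.Xml package; the sample response, IDs, issuer URL, user names and the class name `SamlSigningDemo` are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class SamlSigningDemo
{
    // Constructed, trimmed sample response (not a complete SAML message).
    const string Sample =
        "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='_resp1' Version='2.0' " +
        "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'><saml:Issuer>https://idp.example.test</saml:Issuer>" +
        "<saml:Assertion ID='_a1' Version='2.0'><saml:Subject><saml:NameID>alice@example.test</saml:NameID>" +
        "</saml:Subject></saml:Assertion></samlp:Response>";

    static void Sign(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + doc.DocumentElement.GetAttribute("ID")) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); // exclude the signature itself from the digest
        reference.AddTransform(new XmlDsigExcC14NTransform());            // exclusive canonicalization
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        // SAML places ds:Signature right after saml:Issuer (the first child in this sample).
        doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), doc.DocumentElement.FirstChild);
    }

    static bool Verify(XmlDocument doc, RSA key)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;              // exactly one signature expected
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        // The signature must cover the element we are about to trust, here the document root.
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#" + doc.DocumentElement.GetAttribute("ID")) return false;
        return signedXml.CheckSignature(key);
    }

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Sample);
        using var key = RSA.Create(2048);                // throwaway key; a real IdP loads its key from a certificate store
        Sign(doc, key);
        Console.WriteLine("signed response verifies: " + Verify(doc, key));
        doc.GetElementsByTagName("saml:NameID")[0].InnerText = "admin@example.test";
        Console.WriteLine("after altering NameID:    " + Verify(doc, key));
    }
}
```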

Ocean10000

5:37 pm on Jul 20, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I actually found some sample code for C# provided by Google. It's a bit dated, and I think it could be coded better, but it is a start.

As for the project, it won't need a subdomain or anything that fancy, with my current plans. It will just use a subfolder for this part of the application which will be separate from everything else.

Reference:
[code.google.com...]

coopster

1:27 am on Jul 22, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Going to pubcon? I would love to discuss details :-)
Good luck with the project, my friend.