As OIDC will be another 
protocoll that should be maintained and supported by our staff this will be not a solution for us.
Just to understand the problem: Why can’t there not be just an configuration option for every slave site where we can configure the SAML credentials for each slave site (Certificate, URL…) User creation should not be possible via slave sites and the permissions in check_mk for every user are alrady set using the master site.
Having SAML authentication only on the master site is boring and quite useless because we still have to use Kerberos or something like that additionally on the slave sites.