The openssl utility can be used to generate a SAML (Security Assertion Markup Language) key pair which consists of a public certificate and a private key.
The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self-signed certificates, for use as root CAs, for example.
The flags to req are as follows:
-new for a new certificate (cert) request
-x509 to output a self-signed cert instead of a cert request
-days 365 for a year-long cert
-nodes to not encrypt the private key
-sha256 is the digest algorithm for signing the cert
-out saml.crt specifies the certificate output file
-keyout saml.key specifies the private key output file
See man openssl and search for openssl req for more details.