Our enterprise uses a third-party product for authentication that is capable of being configured for both OAuth2 and SAML. We'd like to set Plone 5 up as a resource provider/SP and use our third-party product as an authorization server/IdP. From what I've researched online, there's pas.plugins.authomatic, which looks like it only works with some well-known providers like GitHub, pmr2.oauth, which seems pretty out of date, and several commercial solutions. Which is the easiest to configure, and will the Authomatic plugin work with something that is not GitHub/Google/etc? Is it better to use SAML in this case instead?