Is it possible to configure Plone to authenticate Users via AD and Shibboleth (if user not in AD)? Have anyone practical knowledge?
You can integrate via SAML2 - which has been designed to include Shiboleth functionality.
SAML2 can e.g. be integrated either via a Web server solution together with a delegating PAS plugin or with dm.zope.saml2
.
If you need only the authentication part, not groups, properties, enumerate users, ... a different approach that still works is plone.session/iis-login at master · plone/plone.session · GitHub. A similar ASP script could be easily rewritten with other languages. The authentication part would be implemented outside plone, generally on IIS or Apache2 + shibboleth or whatever ...