I am currently planning a migration of a university site to Plone 6/Plone Classic with optional authentication against Azure AD (instead of LDAP). What is the preferred solution in Plone right now?
There are
Any real-world experiences and a recommendation what to use these days and how complex the integration in Plone 6 usually is?
I just upgraded pas.plugins.headers - and @mauritsvanrees released a version 2.0.0 to be used with Plone 6.1 - and Shibboleth on a webserver in front of Plone. @gogobd at the Academy of Fine Arts Vienna is currently working on the actual deployment. So he is probably the person you want to speak with for more details here.
Hi there! Long time no see! I'd be happy to help! Gg
I'm biased towards wcs.samlauth 
We use it for our own Website, and we will relaunch https://www.amnesty.ch this year, which will use the Plugin as well.
I tried to document how to use the plugin with azure. GitHub - webcloud7/wcs.samlauth (This should still work IMHO).
Happy to help if there are any issues.
wcs.samlauth looks really good; too bad we have almost finished implementing auth with Apache's modshib and pas.plugins.headers...
Thanks...will check that out in a while
@maethu Which Plone/Python versions are you using? There is a dependency on python-xmlsec which does not seem to support Python 3.12 or higher.
@zopyx I'll take a look. It's based on python3-saml · PyPI which has xmlsec as a dependency and supports python 3.12. With a sufficient xmlsec version. python3-saml/pyproject.toml at master · SAML-Toolkits/python3-saml · GitHub
I currently use Python 3.11.11. But will upgrade soon as well to Python 3.12.
We installed wcs.samlauth this morning on our Plone 6.1 installation and with a little help from our Azure administrator, we got SAML2 integration working within 30 minutes. The Azure admin had to import the metadata from Plone into Azure somehow and we had to import the metadata XML into Plone. Very easy, almost trivial. A great out-of-the-box experience. Kudos to the wcs.samlauth maintainers 
@zopyx Glad to here 