Progress has been made. I would like to invite interested community members to work on a solid Volto/Plone SAML2 integration. From what I've read so far, @riker11451 has managed to get it to work with Volto, so it would be extremely helpful if he could chime in on this.
Currently I am at the stage that:
- the backend is authenticating to Azure using the SAML2 add-on wcs/samlauth created by @maethu. There is some great documentation available at the GitHub site of the add-on (GitHub - webcloud7/wcs.samlauth)
- the backend is accessible using https by implementing an nginx rewrite rule
- when accessing https://myhost.example.com/Plone/acl_users/saml/sls, my user is authenticated and created (if non-existent)
For more background on the setup and nginx configuration, please read this post: Accessing the classic ui on a deployed CookiePlone instance - #4 by ghnire
The next steps include:
- Create a button in a Volto add-on to kick off the SAML2 authentication
- Make use of the SAML2 backend integration and somehow let Volto know whether the user is authenticated
- Replace the button for an automatic redirect for anonymous users
If anyone has any experience in this area, please provide some guidance. I am merely an IT manager trying to make sense of it all. However, if we can come up with a solid solution, I will put in the time to document and test everything. Having SAML2 as an integrated add-on using the preferred Volto/Plone combination will lower the threshold for adopting this wonderful CMS.
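As an added illustration of the last two "next steps" (letting the front end learn whether the backend session exists, and redirecting anonymous users into the SAML flow), here is a small front-end module. It is example code written for this thread, not code from the post, from Volto, or from wcs.samlauth. The backend host is the one named in the post; the login path, the session-check path and the return-to query parameter are placeholders (marked as assumptions in the code) to be replaced with whatever the deployed add-on actually exposes. The point it adds is the part a redirect-based login most often gets wrong: the return path handed to the login endpoint must be restricted to a site-relative path, otherwise the login redirect becomes an open redirect to any site an attacker links to.

```javascript
// Added example, not code from the post, Volto, or wcs.samlauth.
// Decides, on the front-end side, whether an anonymous visitor should be sent to
// the backend's SAML login, and builds that redirect so the post-login return
// destination cannot point off-site.
//
// Assumptions (placeholders, none taken from the post):
//   SAML_LOGIN_PATH    - the backend view that starts the SAML flow. The post
//                        reports that /Plone/acl_users/saml/sls authenticated
//                        the user; substitute the view your deployment uses.
//   SESSION_CHECK_PATH - a backend endpoint answering 401 when anonymous and
//                        200 when a session (e.g. the cookie set by the SAML
//                        flow) is present.
//   RETURN_PARAM       - query parameter carrying the path to return to.

const BACKEND_URL = 'https://myhost.example.com/Plone'; // host from the post
const SAML_LOGIN_PATH = '/acl_users/saml/login';        // ASSUMPTION (placeholder)
const SESSION_CHECK_PATH = '/@users/current';           // ASSUMPTION (placeholder)
const RETURN_PARAM = 'came_from';                        // ASSUMPTION (placeholder)

// Accept only a site-relative path as the post-login destination. A scheme
// ("https://..."), a protocol-relative authority ("//host"), a backslash variant
// ("/\host", which some browsers normalise to "//host") and control characters
// are rejected, so a crafted link cannot turn the login redirect into an open
// redirect.
function isSafeReturnPath(path) {
  if (typeof path !== 'string' || path.length === 0 || path.length > 2048) return false;
  if (!path.startsWith('/')) return false;
  if (path.startsWith('//') || path.startsWith('/\\')) return false;
  if (/[\r\n\t]/.test(path)) return false;
  return true;
}

// Build the absolute login URL; an unsafe return path falls back to the site root.
function buildSamlLoginUrl(returnPath) {
  const safeReturn = isSafeReturnPath(returnPath) ? returnPath : '/';
  const url = new URL(BACKEND_URL + SAML_LOGIN_PATH);
  url.searchParams.set(RETURN_PARAM, safeReturn);
  return url.toString();
}

// Pure decision step, kept free of I/O so it can be unit-tested: 200 means the
// backend already has a session, 401 means anonymous (start the SAML flow),
// anything else is reported instead of redirecting, which avoids a redirect loop
// when the backend is down or misconfigured.
function decideNextStep(sessionStatus, currentPath) {
  if (sessionStatus === 200) return { action: 'continue' };
  if (sessionStatus === 401) return { action: 'redirect', url: buildSamlLoginUrl(currentPath) };
  return { action: 'error', status: sessionStatus };
}

// Thin I/O wrapper. fetchImpl and navigate are injected so the module also runs
// outside a browser; in a real add-on, navigate would be window.location.assign.
async function ensureAuthenticated({ currentPath, fetchImpl = globalThis.fetch, navigate }) {
  const response = await fetchImpl(BACKEND_URL + SESSION_CHECK_PATH, {
    credentials: 'include', // send the backend session cookie, if one was set by the SAML flow
    headers: { Accept: 'application/json' },
  });
  const step = decideNextStep(response.status, currentPath);
  if (step.action === 'redirect') navigate(step.url);
  return step;
}
```

In a Volto add-on this would run once on route change for anonymous users (the "automatic redirect" step); the "button" variant is the same `buildSamlLoginUrl` call wired to a click handler. Whatever cookie or token the backend issues at the end of the SAML exchange is what `SESSION_CHECK_PATH` must recognise, so that endpoint is the place to confirm the backend and Volto agree on the session.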