Feature Request: Shibboleth integration
It would be preferable if AtoM accepted a Shibboleth connection, similar to CAS or LDAP. The typical pattern here would be that if a user who doesn't have an active logged-in session tries to log in, we...
- Redirect the user to a Shibboleth Identity Provider
- They log into that identity provider and get redirected back to our AtoM instance
- AtoM instance uses information to set permissions and create user if necessary
We'll need to have session timeouts too if AtoM doesn't already support it.
Looking at the current login process, we might need to tweak it so that there's a way to choose if we log in with an internal or a Shibboleth-based account.
Some pointers to developing plugins like the CAS and LDAP ones would be useful. I might be able to add this as part of some of my experiments with using this system.
Our campus has several single sign-on solutions, sigh, so integrating it with Microsoft Entra ID is also an option. If that's more feasible or someone has done something similar, I can open a different feature request.
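The return leg of the flow requested above (attributes in, account and permissions out, plus an idle timeout), sketched in PHP as an added example; it is not AtoM code and not part of the original request. It assumes the Shibboleth SP exports `Shib-Session-ID` and the default-mapped `eppn` and `unscoped-affiliation` attributes as server variables; `GROUP_MAP`, `IDLE_TIMEOUT`, `shibLogin`, `sessionIsLive` and the in-memory `$users` array are hypothetical.

```php
<?php
const IDLE_TIMEOUT = 1800; // seconds; hypothetical policy value
// Hypothetical mapping from IdP affiliation values to local group names.
const GROUP_MAP = ['staff' => 'editor', 'faculty' => 'contributor'];

// Turn the variables the Shibboleth SP exports for an authenticated request
// into a local session. $users stands in for the application's user table.
function shibLogin(array $server, array &$users, int $now): ?array
{
    // No SP session means the request did not come back from the IdP:
    // refuse instead of trusting a bare username.
    if (empty($server['Shib-Session-ID']) || empty($server['eppn'])) {
        return null;
    }
    // eppn is a scoped identifier (user@scope); reject anything else.
    $eppn = strtolower(trim($server['eppn']));
    if (!preg_match('/^[a-z0-9._-]+@[a-z0-9.-]+$/', $eppn)) {
        return null;
    }
    // The SP delivers multi-valued attributes as one ';'-separated string.
    $groups = [];
    foreach (explode(';', $server['unscoped-affiliation'] ?? '') as $aff) {
        if (array_key_exists($aff, GROUP_MAP)) {
            $groups[] = GROUP_MAP[$aff];
        }
    }
    $groups = array_values(array_unique($groups));
    // Create the account on first login and recompute its groups on every
    // login, so a change at the IdP takes effect locally.
    $users[$eppn] = ['groups' => $groups];
    return ['user' => $eppn, 'groups' => $groups, 'last_seen' => $now];
}

// Idle-timeout check for the local session created above.
function sessionIsLive(array $session, int $now): bool
{
    return ($now - $session['last_seen']) <= IDLE_TIMEOUT;
}

// Constructed sample requests.
$users = [];
$ok = shibLogin(['Shib-Session-ID' => '_constructed', 'eppn' => 'jdoe@example.edu',
    'unscoped-affiliation' => 'member;staff'], $users, 1000);
var_dump($ok, sessionIsLive($ok, 1000 + IDLE_TIMEOUT + 1));
// A request carrying only a username and no SP session is refused.
var_dump(shibLogin(['REMOTE_USER' => 'admin'], $users, 1000));
```

The group list is rebuilt from the IdP's attributes at every login, so a local account never keeps rights the IdP has withdrawn.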