Hard to configure in plone (plone control panel)

[djay]

To give it to end users site admins in a plone site to configure will require an easy to understand control panel.

• should explain Idp vs sp scenarios
• should make it easy for ADFS, 365 and other common setups
• should let users paste in signitures etc when a metadata url is not available
• should allow user properties to be defined with defaults
• no zmi needed
• give some options with regard to login when using as a SP. ie, add link to normal login or completely replace it.

[djay]

Maybe could work like this

Enable SSO [x]
 - logins to this site will be redirected to a SAML2 Identity Provider (IdP) such as Office365

Enable IdP [ ]
- External sites can user this site to login

Provider Metadata url
[                            ]  [Add]
__advanced__

Authorised Providers
- Office365 [status ok] [x]

This sites External Site url
[                                 ]

Details required for external providers
Entity ID: blah blah
Metadata URL: http://ssss

Map User Properties
remote:local
----------------------
member:userid

----------------------

__Manage Certificate__

[Submit]