Hi all
I've been working on a simple-to-deploy plugin for SAML2 authentication. It doesn't require you to set up simpleSAMLphp (like auth_saml) or to install ApacheShibboleth webserver extensions (like auth_shibboleth), it doesn't provide any enrolment handling functionality, and it doesn't require '$CFG->alternateloginurl' trickery.
The code is here: https://github.com/jonof/moodle-auth_simplesaml, and for the moment it expects Moodle 2.8 only because I haven't checked it against 2.6 or 2.7 yet.
The plugin uses OneLogin's quite sweet php-saml library. Development used simpleSAMLphp in IdP mode, and tests have succeeded using an F5 APM-based Identity Provider.
This will be getting a workout within my institution, so if it's useful to others, feedback would be appreciated.
Jonathon