The configs do not talk about SSSD at all. This area definitely requires some face lift. I wounder if they are aware about SSSD and IdM? Any chance someone can ask them to consider SSSD and IdM using SSO as you described above?
https://lists.sdsc.edu/pipermail/npaci-rocks-discussion/2014-September/06613...
I don't even know if they're thinking about Rocks 7 yet, but can see if there's any interest.
This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.