We've spent the last few days working on getting Shibboleth authentication working with our Aegir hosted Drupal instances. It's turned out to be not that difficult to implement.
First add the Shibboloth authentication module to your platform.
Next, create a file called
config/server_master/apache/pre.d and add this to it:
Restart apache, enable and configure the module in every site you want to use Shibboleth on, and there you go. Every site has the capability to use Shibboleth along with the normal user model. You can add extra Locations to force the user to authentication to the site.
You can also add other config options in this folder. Learn more about Aegir's apache config by doing this:
$ more /var/aegir/config/server_master/apache.conf