Community/Unstable apps. There's been a lot of app packaging going on and we can't keep up with testing of all the apps. So, we will get them all listed in the coming weeks, so others can easily test them out.
While not totally trivial anybody could already before build and install local apps. With the above change the local building step could afais also be skipped.
Thinking about it, if there were going to be a bigger, badder SSO solution "baked in" to the platform, keycloak (https://www.keycloak.org) may be the better tool to close some of that gap than Shibboleth for the job (OpenID Connect, OAuth 2.0, and SAML support built-in; similar flexibility on the backend). My main thought in the use case of SSO apps is that SSO as a platform component is, to date, a platform-internal feature, and I think there's a huge benefit to being able to essentially treat Cloudron as your authoritative directory / user store and leverage it for SSO with SaaS and other strictly off-host products.