Yes, this can be done. Shibboleth is an open source project that is a bit more complex and more extensible but otherwise works in the same way as SiteMinder. You configure it as a filter in front of the web application and then the user coming in to the web application has to authenticate with Shibboleth first, then Shibboleth passes his credentials to the web application in the form both a SAML statement and other attributes in HTTP Headers. So using it can be as simple as choosing to use the HTTP Header for authentication in the QEMC and then getting your customer to configure the Shibboleth filter in front.
In essence, Shibboleth can handle the SAML requests and can then set the user identity in the HTTP header, which in turn is configurable in QlikView.
There are a few different ways of using it, so it depends on how it is implemented. It does not appear to integrate very well with IIS though, sometimes it is even easier to use Apache as a reverse proxy in front of it.
Let me know if this helps.