Summary

It should be easier to configure the authoritiesExtractor, authoritiesMapper and responseTimeValidationSkew on the OpenSamlAuthenticationProvider. See gh-7642.

Allowing an authenticationManagerResolver for SAML2 login will allow customizing the OpenSamlAuthenticationProvider.

This should be similar to OAuth2ResourceServerConfigurer.authenticationManagerResolver.

Comment From: fhanik

@eleftherias I've been reviewing this, and implemented a possible solution in 1d71a62.

It does, however, become difficult to justify the use of an AuthenticationManagerResolver simply for the ability to configure setters on the authentication provider.

The AbstractAuthenticationFilterConfigurer calls setAuthenticationManager, making the end result of the configuration less obvious.

I will continue reviewing this, but may opt to just make the authentication provider configurable, or the options on it, rather than adding a resolver.

Comment From: eleftherias

@fhanik The idea with having the AuthenticationManagerResolver configurable is that it would support multi-tenancy in the future. For now, we only need the ability to set the options on the provider. I will leave it up to you to decide which option is best.