Spring Security Default RequestMatchers for Saml2WebSsoAuthenticationFilter and OpenSamlAuthenticationTokenConverter should align

Given that OpenSamlAuthenticationTokenConverter is the default authentication converter used by spring-security-config when constructing a Saml2WebSsoAuthenticationFilter, it's a bit odd that the authentication converter matches more endpoints than the filter that uses it.

For backward compatibility, this should be isolated to a new constructor Saml2WebSsoAuthenticationFilter(AuthenticationConverter).

Comment From: jzheaux

Closed in 3ba5cc0e402a2cced2e02cc2f5bb15b2ef8ac2ff