Ability to customize/configure SAML AuthnRequest (SP -> IDP)

[amergey]

Expected Behavior

We should be able to customize/configure the way AuthnRequest is built by spring-security.
It was possible with spring saml extension (see 9.2.1 in https://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html)

Context

Some IDP mandates specific format for AuthnRequest and does not support everything. To increase interoperability between spring-security acting as a SP with multiple IDP vendors, it is necessary to provide similar way of configuring AuthnRequest (as it was possible in spring saml extension)
Compared to saml extension we identify specifically the need for

• nameID (NameIDPolicy in AuthnRequest) see also v2 - SP metadata - NameID should be configurable spring-attic/spring-security-saml#266

• authnContexts (AuthnContextClassRef in AuthnRequest)

[jzheaux]

@amergey, thanks for the suggestion.

This support was added in 5.4-RC1 via the OpenSamlAuthenticationRequestFactory#setAuthnRequestConsumerResolver method. My apologies as the documentation for that feature didn't make it into RC1.

Since the code is in the RC1 phase, please try it out and send feedback (preferably on #8141) on whether it meets your needs.