Currently, the Pedestal-sp configuration expects a single IdP as we just need to integrate with WAYF for now - and possibly forever. Modifying the code to handle multiple IdPs would entail:

- specifying these as a list or map with identifiers in the config map
- redirecting to the correct IdP based on an identifier supplied as a query parameter to the GET /saml endpoint
- using the correct IdP certificate to validate the response to the POST /saml endpoint

Currently the RelayState is just used for the internal redirect done after validation. However, since this query param is going to be present in the IdP response, this is one conceivable way to match the response with the correct IdP certificate during validation. The main trade-off is that it complects the value of RelayState, which must then be parsed to separate the redirect URL from the IdP identifier.

Obviously, code changes supporting multiple IdPs will somewhat complect the entirety of the setup no matter what. If Pedestal-sp is to be spun off, it should probably have this functionality.
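
A sketch of the RelayState approach described in this issue, added here as an illustration and not taken from Pedestal-sp: the IdP identifier and redirect path are packed into RelayState, and on POST /saml the identifier selects the certificate only if the response's Issuer matches that IdP's entity ID. The namespace, the `idps` map layout, the `|` separator and all function names are assumptions.

```clojure
(ns example.relay-state
  (:require [clojure.string :as str])
  (:import (java.net URLDecoder URLEncoder)))

;; Constructed config map: IdP identifier -> settings (all values are placeholders).
(def idps
  {"idp-a" {:entity-id "https://idp-a.example/metadata" :certificate "<IdP A PEM>"}
   "idp-b" {:entity-id "https://idp-b.example/metadata" :certificate "<IdP B PEM>"}})

(defn encode-relay-state
  "Packs IdP identifier and post-login redirect path into one RelayState value.
  URL-encoding both parts keeps the `|` separator unambiguous."
  [idp-id redirect-path]
  (str (URLEncoder/encode idp-id "UTF-8") "|" (URLEncoder/encode redirect-path "UTF-8")))

(defn decode-relay-state
  "Returns {:idp-id .. :redirect-path ..}, or nil when the value is malformed."
  [relay-state]
  (let [parts (str/split (str relay-state) #"\|" -1)]
    (when (= 2 (count parts))
      (try
        {:idp-id        (URLDecoder/decode (first parts) "UTF-8")
         :redirect-path (URLDecoder/decode (second parts) "UTF-8")}
        (catch IllegalArgumentException _ nil)))))

(defn local-path?
  "Accepts only same-site paths, so the redirect after validation stays on the SP."
  [path]
  (and (str/starts-with? path "/")
       (not (str/starts-with? path "//"))
       (not (str/includes? path "\\"))))

(defn select-idp
  "Resolves the IdP for a POST /saml response. RelayState is unsigned and passes
  through the browser, so it only nominates an IdP: `issuer` (the Issuer element
  of the response) must equal that IdP's entity ID before its certificate is used
  for signature validation."
  [idps relay-state issuer]
  (let [{:keys [idp-id redirect-path]} (decode-relay-state relay-state)
        idp (get idps idp-id)]
    (cond
      (nil? idp)                        {:error :unknown-idp}
      (not= issuer (:entity-id idp))    {:error :issuer-mismatch}
      (not (local-path? redirect-path)) {:error :bad-redirect}
      :else {:idp-id idp-id :certificate (:certificate idp) :redirect-path redirect-path})))
```

The certificate returned by `select-idp` is then handed to the existing signature validation; a response signed by a different configured IdP fails either the Issuer comparison or the signature check.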