Add multiple identity providers for SAML

Abiquo 5.2.1 introduces multiple identity providers (IdPs) for the SAML integration. 

When the user enters their email address to log in, Abiquo will select the IdP based on its domain name, or it will use the default IdP. 

In this version, Abiquo will use the same IdP configuration for all providers, for example, it will search for the same abq-role attribute to match an Abiquo role.

To configure an existing SAML integration with more IdPs, do these steps on the Abiquo Server:

1. Save the metadata for the new IdPs, as for the first IdP

2. For the default IdP, edit the metadata and set the Default attribute

3. Edit the abiquo.properties file to make these changes:

   1. Add the paths to the metadata of the new IdPs as a comma separated list to the abiquo.saml.metadata.identityprovider.path property

   2. To set the default IdP, add the new abiquo.saml.metadata.identityprovider.default.id property

   3. To map the user email domains to IdPs, set the new abiquo.saml.metadata.identityprovider.userdomain.map property with a comma separated list of keys and values. For example:

      abiquo.saml.metadata.identityprovider.userdomain.map = example.com=https://sts.example.com/ffff2108-833e-4940-87e6-3d39ce9adb70/,abiquo.com=https://idp.example.com

      Do not use a comma , in a key or a value
      Do not use use an equals sign = in the key

4. Share the Abiquo SP data with the new IdPs

5. On the UI server, edit the client-config-custom.json file and change the client.login.module property from SAML to SAML + user.
   For more details, see the examples in client-config-default.json file.

For this feature, there is a new /saml/idp endpoint in the Abiquo API where the UI will send a GET request with the user domain. This endpoint will return a redirect to the usual /saml/login endpoint with the appropriate IdP. Then the login will continue as for a single IdP.