SAML errors not displayed due to CSRF protection on failure endpoint
Problem
When there is a failure in omniauth, such as from instance-SAML certificate misconfiguration, we should show it in the UI. Instead the we are printing "Can't verify CSRF token authenticity" in the logs.
Additionally this means we aren't incrementing attempted login counts there.
Solution
Skip forgery protection for the failure endpoint.