
Support SAML GroupSync for multiple providers

This is a feature request for SAML Group Sync to support multiple SAML providers. Multiple providers are supported for authentication, but any SAML provider not named saml is ignored for group sync.

In a test scenario on 15.6.1-ee:

  • multiple providers were configured
  • each was configured to use group sync
  • the providers were named saml and saml1
  • each provider had a test user that could successfully log in to GitLab using that provider
  • a SAML group from each provider was added as a group link to a GitLab group. Each provider's group granted access to a different user.
  • each of the two users' SAML responses was confirmed to contain what GitLab expects
  • after each user logged in, only the saml provider's user was granted the appropriate access.

If I understand the code correctly, this seems to be happening because we only account for the provider named saml. This may also explain the error in this issue.

Known Limitations

  • When multiple providers are configured, and there are conflicts in role level between the two, the access granted by the first logged-in provider will be lost when the secondary provider is logged in to. There will not be management of a user signing in via two providers that send conflicting group details and thus cause a back-and-forth change of permissions. This will be a documented limitation of the implementation.
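The behaviour described above (a group-sync filter hardcoded to the provider named saml) and the known limitation (the last provider signed in to wins when role levels conflict), as an added Ruby illustration that is not GitLab's code; the provider names, group links and access levels are constructed:

```ruby
# Added illustration, not GitLab's code (all names constructed): a group-sync
# filter hardcoded to the provider name "saml" skips every other SAML provider.

# Constructed provider configuration: two SAML providers, both with group sync.
PROVIDERS = {
  'saml'  => { strategy: 'saml', groups_attribute: 'groups' },
  'saml1' => { strategy: 'saml', groups_attribute: 'groups' }
}.freeze

# Constructed group links on one GitLab group: each provider's SAML group grants
# a different access level (30 = Developer, 40 = Maintainer).
GROUP_LINKS = [
  { provider: 'saml',  saml_group: 'devs', access_level: 30 },
  { provider: 'saml1', saml_group: 'ops',  access_level: 40 }
].freeze

# Buggy filter: only the provider literally named "saml" is eligible.
def group_sync_eligible_hardcoded?(provider_name)
  provider_name == 'saml'
end

# Fixed filter: any configured SAML provider with a groups attribute is eligible.
def group_sync_eligible?(provider_name)
  cfg = PROVIDERS[provider_name]
  !cfg.nil? && cfg[:strategy] == 'saml' && !cfg[:groups_attribute].nil?
end

# Highest access level granted by the groups in a login's SAML response, or nil
# when the provider is skipped or no configured link matches.
def access_for_login(provider_name, response_groups, eligible:)
  return nil unless eligible.call(provider_name)

  GROUP_LINKS.select { |l| l[:provider] == provider_name && response_groups.include?(l[:saml_group]) }
             .map { |l| l[:access_level] }
             .max
end

# Membership level of one user after each sign-in; a skipped sync leaves the
# previous level untouched. With conflicting levels across providers the last
# provider signed in to wins, so the level flips on every sign-in.
def level_history(logins, eligible:)
  current = nil
  logins.map do |provider, groups|
    level = access_for_login(provider, groups, eligible: eligible)
    current = level unless level.nil?
    current
  end
end
```

With the hardcoded filter the saml1 login never changes membership; with the fixed filter a single user alternating between the two providers sees the level flip 30, 40, 30.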

Related links:

  • Similar closed issue, but more specific to an error message: #366257 (closed)
  • The above issue was closed as a duplicate of this similar one. It pertains to an error that comes from removing/renaming the provider named saml that had group sync enabled: #366450 (closed)
  • Notes that SAML Group Sync doesn't work with multiple providers: comment 1, comment 2

Customer ticket where this was first found.

Related issues

This will be done in 3 milestones to comply with the Sidekiq process.

  1. Phase 1: #418186 (closed) 16.2
  2. Phase 2: #386605 (closed) 16.3
  3. Phase 3: 16.4

Availability & Testing

E2E tests should be added for SAML Group Sync with multiple providers

Edited Jul 14, 2023 by Aboobacker MK