WIP: Per Group SAML login

What

WIP prototype

Will allow top-level groups to configure their own SAML Single Sign On setup.

Why

So Gitlab.com can allow companies to each sign in with their own SSO

Screenshots

SSO Page	Group Membership

Database Checklist

See also https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549#database-checklist

• Updated db/schema.rb
• Added a down method so the migration can be reverted
• Added the output of the migration(s) to the MR body
• Added tests for the migration in spec/migrations if necessary (e.g. when migrating data)
• Ordered columns based on the Ordering Table Columns guidelines
• Added foreign keys to any columns pointing to data in other tables
• Added indexes for fields that are used in statements such as WHERE, ORDER BY, GROUP BY, and JOINs

== 20180317020334 AddSamlProviderToIdentities: migrating ======================
-- add_reference(:identities, :saml_provider, {:index=>true, :foreign_key=>{:on_delete=>:cascade}})
   -> 0.0200s
== 20180317020334 AddSamlProviderToIdentities: migrated (0.0201s) =============

Acceptance criteria

• Changelog entry added, if necessary
• Documentation created/updated
• API support added
• Tests added for this feature/bug
• Review
  • Has been reviewed by UX
  • Has been reviewed by Frontend
  • Has been reviewed by Backend
  • Has been reviewed by Database
• Internationalization required/considered
• If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan

Related

• Part of &40 (closed)
• Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/4514, https://gitlab.com/gitlab-org/gitlab-ee/issues/5331, https://gitlab.com/gitlab-org/gitlab-ee/issues/4515, and https://gitlab.com/gitlab-org/gitlab-ee/issues/4990