Group SAML test button should provide information from SAML response
What
Display SAML response and highlight NameID when using the Test button from the Group SAML settings page.
Possibly also discourage NameIDs that are emails, usernames or otherwise not randomly generated and persistent. This could be done by expecting a NameIdFormat of persistent
with high entropy. If doing so we should also discourage changing NameID configuration if there are existing users linked.
Why
Extracted from #33464 (closed)
We could do more to help customers during the initial setup, both to familiarize them with the relevant parts of the SAML response as well as to help them avoid NameIDs that could cause problems later on.