Implement urn:oasis:names:tc:SAML:profiles:subject-id:req in SAML federations
Summary
SAML federations now use urn:oasis:names:tc:SAML:profiles:subject-id:req to indicate whether they require subject-id, pairwise-id, or none in SAML responses (https://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/cs01/saml-subject-id-attr-v1.0-cs01.html).
Design proposition
- Modify importMetadata / SamlFederation.pm to add "subject-id" to exported attributes
- Document how to declare subject-id (#2933 (closed))
pairwise-id is harder, and might need to be implemented in the issuer itself in a separate issue
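
The following sketch is an added example, not LemonLDAP::NG code. It shows the metadata-side half of the proposal: reading the urn:oasis:names:tc:SAML:profiles:subject-id:req entity attribute from each EntityDescriptor and deriving which identifier attributes to export. The function names and sample entities are hypothetical, the aggregate is constructed, and its signature is assumed to have been verified before parsing.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQ = "urn:oasis:names:tc:SAML:profiles:subject-id:req"
ATTR = "urn:oasis:names:tc:SAML:attribute:"
# Identifier attributes that satisfy each value the OASIS profile defines.
ACCEPTABLE = {"subject-id": [ATTR + "subject-id"],
              "pairwise-id": [ATTR + "pairwise-id"],
              "any": [ATTR + "subject-id", ATTR + "pairwise-id"],
              "none": []}

def sp(entity_id, value=None):
    """Build one constructed EntityDescriptor, optionally declaring the requirement."""
    ext = ""
    if value is not None:
        ext = ('<md:Extensions><mdattr:EntityAttributes>'
               f'<saml:Attribute Name="{REQ}"><saml:AttributeValue>{value}'
               '</saml:AttributeValue></saml:Attribute>'
               '</mdattr:EntityAttributes></md:Extensions>')
    return f'<md:EntityDescriptor entityID="{entity_id}">{ext}</md:EntityDescriptor>'

# Constructed sample aggregate (hypothetical entities, not real federation data).
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:mdattr="%(mdattr)s" '
          'xmlns:saml="%(saml)s">' % NS
          + sp("https://sp1.example.org/saml", "subject-id")
          + sp("https://sp2.example.org/saml", "any")
          + sp("https://sp3.example.org/saml")            # no declaration
          + sp("https://sp4.example.org/saml", "email")   # not a profile value
          + "</md:EntitiesDescriptor>")

def requirement(entity):
    """Return the declared subject-id:req value, or None if absent or invalid."""
    values = set()
    for attr in entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == REQ:
            values.update((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS))
    if len(values) != 1:  # missing or contradictory declaration
        return None
    value = values.pop()
    return value if value in ACCEPTABLE else None

def export_plan(metadata_xml):
    """Map each entityID to the identifier attributes its metadata asks for."""
    # Assumption: the aggregate's signature was verified before this point.
    root = ET.fromstring(metadata_xml)
    return {e.get("entityID"): ACCEPTABLE.get(requirement(e), [])
            for e in root.iter("{%s}EntityDescriptor" % NS["md"])}
```

An absent, contradictory or unrecognised declaration yields an empty list, so no identifier is exported on the strength of a value the profile does not define.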