feat(saml): allow setting nameid-format and alternative mapping for transient format

[livio-a]

Which Problems Are Solved

ZITADEL currently always uses urn:oasis:names:tc:SAML:2.0:nameid-format:persistent in SAML requests, relying on the IdP to respect that flag and always return a peristent nameid in order to be able to map the external user with an existing user (idp link) in ZITADEL.
In case the IdP however returns a urn:oasis:names:tc:SAML:2.0:nameid-format:transient (transient) nameid, the attribute will differ between each request and it will not be possible to match existing users.

How the Problems Are Solved

This PR adds the following two options on SAML IdP:

• nameIDFormat: allows to set the nameid-format used in the SAML Request
• transientMappingAttributeName: allows to set an attribute name, which will be used instead of the nameid itself in case the returned nameid-format is transient

Additional Changes

To reduce impact on current installations, the idp_templates6_saml table is altered with the two added columns by a setup job. New installations will automatically get the table with the two columns directly.
All idp unit tests are updated to use expectEventstore instead of the deprecated eventstoreExpect.

Additional Context

Closes #7483
Closes #7743

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 23, 2024 4:51am

[github-actions]

Thanks for your contribution! 🎉

Please make sure you tick the following checkboxes before marking this Pull Request (PR) as ready for review:

• I am happy with the code
• Documentations and examples are up-to-date
• Logical behavior changes are tested automatically
• No debug or dead code
• My code has no repetitions
• The PR title adheres to the conventional commit format
• The example texts in the PR description are replaced.
• If there are any open TODOs or follow-ups, they are described in issues and link to this PR
• If there are deviations from a user stories acceptance criteria or design, they are agreed upon with the PO and documented.

[codecov]

Codecov Report

Attention: Patch coverage is 54.28571% with 112 lines in your changes are missing coverage. Please review.

Project coverage is 62.43%. Comparing base (f371131) to head (d1099ce).
Report is 1 commits behind head on main.

❗ Current head d1099ce differs from pull request most recent head 933a320

Please upload reports for the commit 933a320 to get more accurate results.

Files	Patch %	Lines
internal/api/grpc/idp/converter.go	0.00%	32 Missing ⚠️
internal/api/grpc/admin/idp_converter.go	0.00%	22 Missing ⚠️
internal/api/grpc/management/idp_converter.go	0.00%	22 Missing ⚠️
internal/api/ui/login/external_provider_handler.go	0.00%	6 Missing ⚠️
internal/idp/providers/saml/saml.go	72.72%	6 Missing ⚠️
internal/query/projection/idp_template.go	66.66%	4 Missing and 2 partials ⚠️
cmd/setup/27.go	0.00%	5 Missing ⚠️
internal/command/idp_model.go	71.42%	4 Missing ⚠️
internal/idp/providers/saml/session.go	84.61%	2 Missing and 2 partials ⚠️
internal/api/idp/idp.go	25.00%	2 Missing and 1 partial ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7979      +/-   ##
==========================================
- Coverage   62.46%   62.43%   -0.03%     
==========================================
  Files        1342     1343       +1     
  Lines      110863   110981     +118     
==========================================
+ Hits        69252    69295      +43     
- Misses      37730    37803      +73     
- Partials     3881     3883       +2     

Flag	Coverage Δ
core-integration-tests-postgres	62.43% <54.28%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

🎉 This PR is included in version 2.53.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀