Support SAML groups via attribute

[kewisch]

In the SAML provider, it would be great if Groups were implemented. IIUC, there could be code in the saml identity provider that reads a group membership from the SAML attributes, and the IDP/SP need to be configured to pass on that group membership.

[ThiefMaster]

While implementing it would be possible, you'd need to keep this state around somewhere. And assuming that you use flask-multipass in Indico the problem is that everything there expects to have access to group information on the fly regardless of a login session.

However, feel free to create a custom multipass provider that handles this data and then caches it somehow. For the caching part you could have a look at our flask-multipass-cern repo where we pass a cache object via the config and then use it in the multipass provider.