****** Design ****** The *Authentication SAML Module* introduces some new routes: - ``GET`` ``/<database>/authentication/saml/<identity>/login``: redirect to the identity provider location with a prepared request using the ``next`` argument as relay state. - ``GET`` ``/<database>/authentication/saml/<identity>/metadata``: return the metadata XML of the service provider. - ``POST`` ``/<database>/authentication/saml/<identity>/acs``: verify the authentication request and redirect to the relay state.