Thirty-party auth for SAML is not testable in devstack

[robrap]

AC:

• Make SAML work on devstack.
• Ticket follow-up for Enterprise if needed.

Other notes:

The Enterprise is running into an issue and they aren't able to test SAML locally in devstack any more.

See https://twou.slack.com/archives/C04ACDVM6A1/p1682704109420539. (copy details here)

The issue is that we're seeing this error when trying to test in devstack:

Authentication failed: SAML login failed: ['invalid_response'] 
(the response was received at http://localhost/auth/complete/tpa-saml instead 
of http://localhost:18000/auth/complete/tpa-saml)

There is an existing workaround where we map lms to port 80 on the host machine, which does work, but we would not like to not have to deal with that.

This ticket is about making things testable in devstack. It may be that Enterprise also needs follow-up support on the actual bug they were trying to fix as well.

[dianakhuang]

I believe this issue is caused by this constraint: https://github.com/openedx/edx-platform/blob/master/requirements/constraints.txt#L43-L44 which pins python3-saml to version 1.09

Version 1.12 deprecated the 'server_port' field: https://github.com/SAML-Toolkits/python3-saml/blob/master/changelog.md#1120-aug-13-2021

I believe that the upstream libraries like social-core also removed this field, but the old version of the code we're using still expects it.

A naive attempt at updating this library broke something in our implementation of lxml.