auth/saml enable user to link own account to remote user

I have pushed a series of commits to gerrit on master (auth_saml_enhancements) that represent the sum total of the changes required for the enhancements sponsored by the Ministry of NZ.
The main features of these changes are to allow users to have dual login mechanisms eg: internal and auth/saml, and then given this, when they login using auth/saml and no link is detected for a Mahara account, they are able to login manually and nominate an account to link to the external authorisation source.

Due to issues with the PHP shutdown callbacks that SimpleSAMLphp registers, it is imperative that people using auth/saml use a separate session storage engine for SimpleSAMLphp other than phpsession - checks have been implemented to guard against this.

Reviewed: https://reviews.mahara.org/483
Committed: http://gitorious.org/mahara/mahara/commit/93358ed312da987b6abd4b6bc557d30955207c55
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit 93358ed312da987b6abd4b6bc557d30955207c55
Author: Piers Harding <email address hidden>
Date: Fri Jul 15 13:01:32 2011 +1200

    Redevelop auth/saml - self-linking accounts, dual login

    Bug #810302

    Redevelop auth/saml:
     * remove cludged session handling
     * add sanity checking of ssphp config - must not be phpsession now (use memcache)
     * improve handling of original target URL on login
     * add config option to enable user-login-linking
     * add screen for user to login to local account for linking
     * add linking screen
     * improve error messages

    (note: fixed code formatting error found by Jenkins)

    Moved login string out to earlier commit

    Change-Id: Ib93680e225c325b30b3dc200152590e5e81eaa95
    Signed-off-by: Piers Harding <email address hidden>

Reviewed: https://reviews.mahara.org/497
Committed: http://gitorious.org/mahara/mahara/commit/5874252d338a81dec7ab33839c463eed97a3a77f
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit 5874252d338a81dec7ab33839c463eed97a3a77f
Author: Richard Mansfield <email address hidden>
Date: Thu Jul 21 11:03:11 2011 +1200

    Add help file for remoteusername (bug #810302)

    Change-Id: I4e9ba99028f5fed2702c71f7327624ba72e30399
    Signed-off-by: Richard Mansfield <email address hidden>

Reviewed: https://reviews.mahara.org/482
Committed: http://gitorious.org/mahara/mahara/commit/34ebbfe42eff16b92c8800c269219f521ff1303e
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit 34ebbfe42eff16b92c8800c269219f521ff1303e
Author: Piers Harding <email address hidden>
Date: Fri Jul 15 09:02:55 2011 +1200

    Enable multiple auth_remote_user connections

    Bug #810302

    Enable links to multiple auth instances to be maintained so that
    users can have dual login eg: internal + auth/saml etc.

    Improve validation around switching auth_instance and
    changing the remoteuser at the same time.

    Add checks to ensure remoteuser does not get clobbered by update
    for another user. Allow override for the CVS upload case (file == unit
    of update).

    Change-Id: I5321c0270aeaa93bd193e8e759b08ab7f8b50ded
    Signed-off-by: Piers Harding <email address hidden>

Reviewed: https://reviews.mahara.org/479
Committed: http://gitorious.org/mahara/mahara/commit/a95292b43c97cf38830784993e0553f79ed602a6
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit a95292b43c97cf38830784993e0553f79ed602a6
Author: Piers Harding <email address hidden>
Date: Fri Jul 15 09:01:06 2011 +1200

    Add SAML based SSO Login link

    Bug #810302

    Add a link to auth/saml if the SAML auth plugin is enabled
    This appears on all login panels
    (whitespace given back)
    Switched to checking auth_instance
    Moved login string to this commit
    This appears on login diversion page

    Change-Id: Ia8a799396a9f33bc0cc6e0c59549e2464253ca31
    Signed-off-by: Piers Harding <email address hidden>

Reviewed: https://reviews.mahara.org/504
Committed: http://gitorious.org/mahara/mahara/commit/70d3b8e8d1204f7e0710e1ca007902f5f6e3b752
Submitter: Richard Mansfield (<email address hidden>)
Branch: master

commit 70d3b8e8d1204f7e0710e1ca007902f5f6e3b752
Author: Piers Harding <email address hidden>
Date: Fri Jul 22 11:09:19 2011 +1200

    auth/saml: improve switching between authentication sources

    Bug #810302

    Override the standard login screen and login_submit so that
    users are specifically tested for other non-sso authentication
    options that they may have, including the default internal -
    not just the current one tied to their usr record.

    Change-Id: Ibc85589f610c90d6f2079f364f97887fb4b4f495
    Signed-off-by: Piers Harding <email address hidden>