Share Okta credentials cross accounts

[tommywo]

Allow splitting Okta login url to url and app_id so user can login once to okta and then use the same session to access different accounts, similarly like they can in the browser.

Configuration example:

[account-a]
app_id           = /app/example/AAAAAAA/sso/saml
url              = https://example.okta.com
provider         = Okta
(...)

[account-b]
app_id           = /app/example/BBBBBBB/sso/saml
url              = https://example.okta.com
provider         = Okta
(...)

The change from the SecClassInternetPassword to SecClassGenericPassword is because on the first login saml2aws would first save the okta session cookie to keychain and then delete it while saving the password. It also returned the token instead of password. this doesn't happen for me with SecClassGenericPassword.

I tested the change combined with pull request #722 and the fixes from issue #714

[tommywo]

@wolfeidau What do you think about this pull request?

[wolfeidau]

@tommywo changing the sec class would be a breaking change as keychain doesn't really handle this well...

We need to come up with a way to enable this without breaking existing users.

[briantist]

This would be a really great feature for us too, I hope to see it accepted!