omniauth-saml
`ruby-saml` version 2.x major version
This gem currently pins ruby-saml to `~> 1.18`. The upstream maintainers are working on v2.x now. How would omniauth-saml like to handle the major version update for the dependency?
I've tested omniauth-saml with the v2.x branch and it works without modification, other than the dependency pin. However, there may be a few changes in the gem which do cause breaking changes for omniauth-saml users depending on their use and configuration. ruby-saml has a v2.x upgrading document at https://github.com/SAML-Toolkits/ruby-saml/blob/v2.x/UPGRADING.md.
An example where a v2.x change is likely to break things for omniauth-saml users is that the default `idp_cert_fingerprint` will change from SHA1 to SHA256. To continue using SHA1, users will need to explicitly set `idp_cert_fingerprint_algorithm`.
Should omniauth-saml also experience a major version bump to coincide with ruby-saml v2.x, or is a minor version bump sufficient?
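
The fingerprint default change described in the issue can be checked against existing configuration before upgrading. The following is an added example, not code from the issue, omniauth-saml or ruby-saml: it uses only Ruby's OpenSSL standard library to classify a stored fingerprint by digest length and to show that a SHA1 value no longer matches once the certificate is hashed with SHA256. The helper names and the self-signed certificate are constructed for illustration.

```ruby
require "openssl"

# Hex length identifies the hash a stored fingerprint was made with.
FINGERPRINT_ALGORITHMS = { 40 => :sha1, 64 => :sha256 }.freeze

# Drop colons/whitespace and lowercase, so "AB:CD" and "abcd" compare equal.
def normalize_fingerprint(fingerprint)
  fingerprint.to_s.gsub(/[:\s]/, "").downcase
end

# Returns :sha1, :sha256, or nil when the value is not a recognizable digest.
def fingerprint_algorithm(fingerprint)
  hex = normalize_fingerprint(fingerprint)
  hex.match?(/\A[0-9a-f]+\z/) ? FINGERPRINT_ALGORITHMS[hex.length] : nil
end

# Hex digest of the DER-encoded certificate under the given algorithm.
def cert_fingerprint(cert, algorithm)
  OpenSSL::Digest.new(algorithm.to_s.upcase).hexdigest(cert.to_der)
end

# True when the stored value equals the cert's digest under `algorithm`.
def fingerprint_matches?(cert, stored, algorithm)
  cert_fingerprint(cert, algorithm) == normalize_fingerprint(stored)
end

# Constructed self-signed certificate standing in for an IdP signing cert.
def sample_idp_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_idp_cert
  # Constructed stored value: a colon-separated SHA1 fingerprint.
  stored = cert_fingerprint(cert, :sha1).upcase.scan(/../).join(":")
  puts "stored value looks like: #{fingerprint_algorithm(stored).inspect}"
  puts "match when hashed with SHA1:   #{fingerprint_matches?(cert, stored, :sha1)}"
  puts "match when hashed with SHA256: #{fingerprint_matches?(cert, stored, :sha256)}"
end
```

A stored value that classifies as `:sha1` is one that needs either an explicit `idp_cert_fingerprint_algorithm` or a regenerated SHA256 fingerprint.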