Default RequestMatchers for Saml2WebSsoAuthenticationFilter and OpenSamlAuthenticationTokenConverter should align #13653
Description
Given that OpenSamlAuthenticationTokenConverter is the default authentication converter used by spring-security-config when constructing a Saml2WebSsoAuthenticationFilter, it's a bit odd that the authentication converter matches more endpoints than the filter that uses it.
For backward compatibility, this should be isolated to a new constructor Saml2WebSsoAuthenticationFilter(AuthenticationConverter).