multi-tenant support

[watercraft]

I'm attempting to use the service provider (SP) side of this library in a multi-tenant service were each tenant can have a different identity provider (IP). So far the only issue I've had is with the cookie path in the request tracker because I want to initiate the authentication request from an endpoint separate from the assertion consumer service (ACS). This is required because I need to resolve which tenant to use before initiating the request. I realize that I could make the path tenant specific, but that does not fit well with the rest of my architecture. My solution (https://github.com/watercraft/saml) is to add an optional custom cookie path to the middleware config options.