Allow shared IdPs for organizations

[xgp]

Depends on https://github.com/p2-inc/keycloak-orgs/issues/248 for setting the global config value to allow shared IdPs.

If this is enabled, we will allow an admin (i.e. has manage-organizations realm-management role) to set an IdP to "shared" and associate with multiple organizations.

• Only /link and /unlink endpoints only can link unlink shared idps
• We need to add a "shared" flag to the /link endpoint
• A home.idp.shared flag should be added to the idp config object in the idp
• We need update the UI to allow setting that flag
  • Also might be necessary to show in the modal the idps that are assigned (i.e. have home.idp.discovery.org but also home.idp.shared
• Org admin management endpoints (the ones that permission holders within the organization can call) don’t show shared IdPs
• When an org admin attempts to add an idp where a shared one is already configured, they get a 409 (should be the same as today)

Need to update

• home idp discovery
• org admin management endpoints (IdentityProvidersResource and IdentityProviderResource)

[rtufisi]

Change: If globalConfig for sharedIdp is enabled, put IDP attribute ORG_OWNER_CONFIG_KEY, as a multivalue list of all organzationId; Otherwise to be able to add just one organizationId