ruby-saml security update breaks handling of large SAML responses
Summary
After commit da2e9f3a, which shipped in 13.10.3 / 13.11.0, certain organizations (self-managed users) with large SAML responses (likely due to the group content, etc.) are unable to log in.
This is due to the arbitrary limit of 0.25 MB introduced by a security fix consumed through that upgrade: https://github.com/onelogin/ruby-saml/commit/533c84ebfc40f8cbac645b6c76ce4949f95d27d6
Can the limit be made configurable for GitLab's use?
Steps to reproduce
Adding a SAML user to a lot of large named groups may be one way to get the size above 0.25 MB in the success response.
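To make the failure mode concrete, here is an added example (not ruby-saml's or GitLab's code) that models the check the issue describes: the encoded message size is compared against a limit before any Base64 decoding or inflation happens, and the limit is a parameter rather than a hard-coded constant. The default of 250,000 bytes is taken from the error message quoted in this issue; the function names, the skeletal Response XML, and the group-count reproduction are constructed assumptions for the demonstration.

```ruby
require 'base64'
require 'zlib'

# Limit quoted in the issue's error message; used here as the default.
DEFAULT_MAX_BYTESIZE = 250_000

class SamlMessageTooLarge < StandardError; end

# Reject an encoded SAML message before Base64-decoding or inflating it, so the
# size check bounds the work the decoder is asked to do. The limit is a keyword
# argument rather than a constant (the configurability the issue asks for).
def check_encoded_saml_size!(encoded, max_bytesize: DEFAULT_MAX_BYTESIZE)
  if encoded.bytesize > max_bytesize
    raise SamlMessageTooLarge,
          "Encoded saml message exceeds #{max_bytesize} bytes, so was rejected"
  end
  encoded
end

# Decode a message: Base64 for the POST binding, Base64 + raw DEFLATE for the
# Redirect binding. The size check runs first in both cases.
def decode_saml_message(encoded, max_bytesize: DEFAULT_MAX_BYTESIZE, deflated: false)
  check_encoded_saml_size!(encoded, max_bytesize: max_bytesize)
  raw = Base64.decode64(encoded)
  return raw unless deflated
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw)
end

# True if the message would be rejected under the given limit, false otherwise.
def saml_message_rejected?(encoded, max_bytesize: DEFAULT_MAX_BYTESIZE, deflated: false)
  decode_saml_message(encoded, max_bytesize: max_bytesize, deflated: deflated)
  false
rescue SamlMessageTooLarge
  true
end

# Encode XML the way an IdP would for each binding (test helper, not a real IdP).
def encode_saml_message(xml, deflated: false)
  payload = xml
  if deflated
    payload = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
                           .deflate(xml, Zlib::FINISH)
  end
  Base64.strict_encode64(payload)
end

# Constructed sample: a skeletal Response whose size is driven by the number of
# group AttributeValues, mirroring the "many large named groups" reproduction.
def build_sample_response(group_count)
  groups = (1..group_count).map do |i|
    "<saml:AttributeValue>group-#{i}-with-a-long-descriptive-name</saml:AttributeValue>"
  end.join
  "<samlp:Response><saml:Assertion><saml:AttributeStatement>" \
    "<saml:Attribute Name=\"groups\">#{groups}</saml:Attribute>" \
    "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
end

if __FILE__ == $PROGRAM_NAME
  small = encode_saml_message(build_sample_response(100))
  large = encode_saml_message(build_sample_response(5_000))
  puts "100 groups:  #{small.bytesize} bytes encoded, rejected? #{saml_message_rejected?(small)}"
  puts "5000 groups: #{large.bytesize} bytes encoded, rejected? #{saml_message_rejected?(large)}"
  puts "5000 groups with a 2 MB limit, rejected? #{saml_message_rejected?(large, max_bytesize: 2_000_000)}"
end
```

Running the script shows a 100-group response passing the default limit, a 5,000-group response being rejected with the same wording as the issue's error, and the same response passing once the limit is raised. Because the check sits in front of decoding, raising the limit for a deployment means accepting that much more input into the decoder, which is the trade-off a configurable setting would expose to operators.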
What is the current bug behavior?
Authentication fails with message:
Could not authenticate you from SAML because "Encoded saml message exceeds 250000 bytes, so was rejected".
What is the expected correct behavior?
Authentication should succeed as it did in versions prior to the change.
Relevant logs and/or screenshots
Output of checks
GitLab 13.10.3 or 13.11.0, and possibly other versions (any that include the above upgrade backports).
Results of GitLab environment info
For installations with the omnibus-gitlab package, run and paste the output of: `sudo gitlab-rake gitlab:env:info`
For installations from source, run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`
Results of GitLab application Check
For installations with the omnibus-gitlab package, run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`
For installations from source, run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`
(We will only investigate if the tests are passing.)