OpenSAML should get initialized as part of container lifecycle #8772
Description
OpenSAML gets initialized by Spring Security lazily via a package-private class OpenSamlImplementation. This setup makes it tricky for an application to override the defaults that Spring Security specifies.
For example, to use a different ParserPool configuration, one needs to ensure that they call XMLObjectProviderRegistrySupport.setParserPool only after OpenSamlAuthenticationProvider or OpenSamlAuthenticationRequestFactory is classloaded since those are the two classes that use an instance of OpenSamlImplementation.
It may be cleaner to initialize OpenSAML as part of the container lifecycle, for example as a BeanFactoryPostProcessor. In this way, an application can register their own BeanFactoryPostProcessor to override the behavior.
At that point, the code can be removed in OpenSamlImplementation that initializes OpenSAML.