Support InResponseTo validations through in MultiSaml

Either use cache provided by user, or a default memory
cache to store InResponse parameters. This cache is not
yet partitioned per provider, which means a malicious
provider could do replay attacks by using anothers
unconsummed `InResponse` values

node-saml#334

Author: stavros-wb

README.md

@@ -73,6 +73,8 @@ passport.use(new MultiSamlStrategy(
 );
 ```
 
+Using multiple providers supports `validateInResponseTo`, but all the `InResponse` values are stored on the same Cache. This means that all providers have access to it and a provider might get its response validated against another's request. [Issue Report](!https://github.com/bergie/passport-saml/issues/334)
+
 #### The profile object:
 
 The profile object referenced above contains the following:

multiSamlStrategy.js

@@ -1,40 +1,50 @@
 var util = require('util');
 var saml = require('./lib/passport-saml/saml');
+var InMemoryCacheProvider = require('./lib/passport-saml/inmemory-cache-provider').CacheProvider;
 var SamlStrategy = require('./lib/passport-saml/strategy');
 
 function MultiSamlStrategy (options, verify) {
   if (!options || typeof options.getSamlOptions != 'function') {
     throw new Error('Please provide a getSamlOptions function');
   }
 
+  if(!options.requestIdExpirationPeriodMs){
+    options.requestIdExpirationPeriodMs = 28800000;  // 8 hours
+  }
+
+  if(!options.cacheProvider){
+      options.cacheProvider = new InMemoryCacheProvider(
+          {keyExpirationPeriodMs: options.requestIdExpirationPeriodMs });
+  }
+
   SamlStrategy.call(this, options, verify);
-  this._getSamlOptions = options.getSamlOptions;
+  this._options = options;
 }
 
 util.inherits(MultiSamlStrategy, SamlStrategy);
 
 MultiSamlStrategy.prototype.authenticate = function (req, options) {
   var self = this;
 
-  this._getSamlOptions(req, function (err, samlOptions) {
+  this._options.getSamlOptions(req, function (err, samlOptions) {
     if (err) {
       return self.error(err);
     }
 
-    self._saml = new saml.SAML(samlOptions);
+    self._saml = new saml.SAML({ ...self._options, ...samlOptions });
     self.constructor.super_.prototype.authenticate.call(self, req, options);
   });
 };
 
 MultiSamlStrategy.prototype.logout = function (req, options) {
   var self = this;
 
-  this._getSamlOptions(req, function (err, samlOptions) {
+  this._options.getSamlOptions(req, function (err, samlOptions) {
     if (err) {
       return self.error(err);
     }
 
-    self._saml = new saml.SAML(samlOptions);
+    self._saml = new saml.SAML({ ...self._options, ...samlOptions });
     self.constructor.super_.prototype.logout.call(self, req, options);
   });
 };