
Add test coverage for SLS and ACS SAML auth servlets #879

Description

@ismisepaul

Summary

The SAML SSO auth servlets SLS (Single Logout Service) and ACS (Assertion Consumer Service) have no test coverage — no unit or integration tests exist for either.

src/main/java/servlets/SLS.java   — no SLSTest / SLSIT
src/main/java/servlets/ACS.java   — no ACSTest / ACSIT

By contrast, the non-SAML auth servlets Login and Logout do have IT coverage (LoginIT, LogoutIT).

Why it matters

These are authentication-path servlets in a security training application — exactly the code that should be tested. The gap surfaced during the Jakarta migration (#861): OpenRewrite tried to bundle a behavioral change (ses.invalidate() → request.logout()) into these files, and for SLS/ACS there was no test that would have caught a regression (whereas LogoutIT would have).

Scope

  • Add coverage for ACS (consumes the SAML assertion / IdP response, establishes the session).
  • Add coverage for SLS (handles SAML single-logout).
  • Cover both success and failure/invalid-assertion paths.

Note: depends on the SAML Auth API, which is being moved to the Jakarta-compatible java-saml 3.0.0 + java-saml-servlet-jakarta as part of #861 — coordinate so tests target the post-migration API.

Out of scope

MobileLogin coverage — the mobile side is handled under a separate initiative.

Discovered during #861.

Status: Backlog