OPENIDM-4217 - Align with CUI-111 and 21dcdac9 to properly use managed/user authzRoles. Still blocked by OPENIDM-4246

CR-7438 - OPENIDM-3344 - Separate different role types into different fields for managed/user

IDME-340 (CR-5999) Add "static user" auth module to authenticate anonymous user against module config to avoid repo read for self-registration use-cases.

CR-3654 - OPENIDM-1896 - Renaming passthroughAuthnPopulateContext.js to populateAsManagedUser.js

OPENIDM-1708 (CR-3633) Support reauth for any auth module configured in authentication.json. * AuthenticationService now handles requests on /authentication, replaciing AuthFilter which was not a filter, and did not fully handle reauth. * Authenticators are used from both JASPI auth modules and AuthenticationService to provide the authentication--either with Http headers in the case of the auth modules, or from the authcid in the HttpContext and the reauth header in the case of reauthentication. * AuthenticationService now satisfies the AuthenticationConfig service for the purposes of OSGiAuthFilterBuilder's access to the config to build the JASPI CAF. * The duplicative managed/user config at the top of the sample authentication.json files are now removed, thus satisfying OPENIDM-1781.

OPENIDM-1762 (CR-3586) Additional decoupling of auth module role calculation and security context population from auth module validation code. Notably: * factor out basic auth code to allow PassthroughModule to support both basic auth and X-OpenIDM- header auth. * remove IWAPassthroughModule in favor of using auth module configuration to control order of execution * separate client cert auth into its own module, supporting an list of "allowedAuthenticationIdPatterns" to compare against the subject DN * remove static dependency on OSGIAuthnFilterBuilder for injection of OSGi artifacts - improves testability

OPENIDM-1735 / OPENIDM-1134 (CR-3503) Provide additional detail on sync failures from managed object CRUD operations. Provide example compensation script to compensate for sync failures.

CF-2495 - CAF-93/CAF-103 - Session integration with OpenAM via common session module

CR-3404 - OPENIDM-1734 - Updates for Sample 6