Currently, the SAML 2.0 servlets are always 'listening' on all services - for
example, Manage Name ID, Artifact Resolve. Although it is possible to remove
servlet endpoints from web.xml, we should have some configuration settings to
disable SAML 2.0 services; disabled services should return an HTTP error code
early in their processing.