Add a property to allow using unsigned saml tokens as principals

The recent changes to the saml processing code remove the ability to use unsigned saml tokens as principals, even in cases where protected by ssl client authentication.

Add a new property to allow this functionality to be re-enabled, but make sure its off by default.