Identity Assertion Providers must be able to be chained together

The provider pipeline currently is limited to a single plugin per role name. Identity assertion providers are immediately in need of support for multiple at the same time. Especially since the addition of the Hadoop group lookup provider, we need to be able to also map principals or extract usernames from principals before group lookup using regex, etc.

It may make sense to also support multiple authentication/federation providers for MFA type scenarios.

We should consider whether we want a generic approach to being able to have multiple providers across the board or whether an identity assertion specific solution is prudent.