[readme] SAML2.0 does support passive refresh via isPassive

[hauntingEcho]

In the readme, it is mentioned that "SAML doesn't provide a non-interactive way to refresh assertions". However, this is the purpose of the "isPassive" attribute on an AuthnRequest (line 2047 of SAMLCore)

[ericchiang]

"isPassive" just seems to imply that the provider should actively re-log you in, kind of like OpenID Connect's "max_age" http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

This doesn't let us refresh the data, just implies that your provider is okay with not actively logging you back in (such as prompting your password).

For refresh tokens, dex expects to be able to refresh the claims in the id_token. If you've changed groups, those groups should be different in the new id_token you get from a refresh response. I don't see how "isPassive" achieves this.