Check Assertion in AuthnResponse as mandated by the specification
Currently we just loop over all assertion checking basic things like issuer and signatures.
There should be more assertion checking in the sense that the caller of lasso could juste ask the Login profile which assertion resulted in the SSO process successing.
The specification mandate that the received AuthnResponse must at least contain one assertion with an authentication statement from the targeted IdP. We should check this exactly. Then we should report through the assertion field the winning assertion.