SAML token as OIDC token needs improvements
In the current version, where we use KC via SAML, a generated username federated-user*@aai.geant.org appears and is used to link the KC account to the local account. In the case of a user registered on the KC platform, the username is arbitrary. In the version using OIDC as SAML token, it saves the user ID, which is an unchangeable value, making such linking more secure. It is important to handle users registered locally via username and map this value to the ID.
Edited by Patryk Kazimierowski
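An added example, not the project's code: one way to resolve account links by the unchangeable user ID while upgrading existing username-based links on first login. The `LinkStore` class, its field names, the result labels and the sample IDs are hypothetical, and the one-time upgrade still trusts the username for that single login.

```python
from dataclasses import dataclass, field


@dataclass
class LinkStore:
    # Hypothetical storage: immutable IdP user ID -> local account
    by_subject: dict = field(default_factory=dict)
    # Legacy links recorded by IdP username -> local account
    by_username: dict = field(default_factory=dict)

    def resolve(self, subject, username):
        """Return (local_account, how) for a login carrying an ID and a username."""
        if not subject:
            raise ValueError("token carries no immutable user ID")
        account = self.by_subject.get(subject)
        if account is not None:
            return account, "id"  # username is ignored once an ID link exists
        account = self.by_username.get(username)
        if account is None:
            return None, "unlinked"
        # The local account is already bound to another ID: the username
        # was changed or reused, so do not attach a second identity.
        if account in self.by_subject.values():
            return None, "conflict"
        # One-time upgrade: bind the ID and retire the username link.
        self.by_subject[subject] = account
        del self.by_username[username]
        return account, "migrated"


def demo():
    # Constructed sample data, not taken from any real deployment.
    store = LinkStore(by_subject={"id-1": "local-2"},
                      by_username={"alice": "local-1", "bob": "local-2"})
    return [
        store.resolve("id-123", "alice"),          # legacy link upgraded
        store.resolve("id-123", "alice-renamed"),  # rename no longer matters
        store.resolve("id-999", "alice"),          # reused username gets nothing
        store.resolve("id-7", "bob"),              # account already bound to id-1
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```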