treat missing groups as an empty list (#40)

Comments in code, but compare...

User who does not have any groups (expect empty groups claim, but get missing claim):

```xml
<AttributeStatement>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
		<AttributeValue>John.Doe@example.com</AttributeValue>
	</Attribute>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
		<AttributeValue>John</AttributeValue>
	</Attribute>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
		<AttributeValue>Doe</AttributeValue>
	</Attribute>
</AttributeStatement>
```

User who _does_ have groups:

```xml
<AttributeStatement>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
		<AttributeValue>Jane.Doe@example.com</AttributeValue>
	</Attribute>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
		<AttributeValue>Jane</AttributeValue>
	</Attribute>
	<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
		<AttributeValue>Doe</AttributeValue>
	</Attribute>
	<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
		<AttributeValue>role-Netbox-Admin</AttributeValue>
	</Attribute>
</AttributeStatement>
```

Author: jumanjiman

django3_saml2_nbplugin/backends.py

@@ -153,15 +153,22 @@ def configure_user(self, request: WSGIRequest, user: User) -> User:
                 user.last_name = user_ident[be_settings["LAST_NAME_ATTR"]][0]
             if "MAIL_ATTR" in be_settings:
                 user.email = user_ident[be_settings["MAIL_ATTR"]][0]
-            if "GROUP_ATTR" in be_settings:
-                ident_groups = user_ident[be_settings["GROUP_ATTR"]]
-            else:
-                ident_groups = []
         except KeyError as exc:
             missing_attr = exc.args[0]
             be_name = self.__class__.__name__
             raise PermissionError(f"SAML2 backend {be_name} missing attribute: {missing_attr}")
 
+        ident_groups = []
+        try:
+            if "GROUP_ATTR" in be_settings:
+                ident_groups = user_ident[be_settings["GROUP_ATTR"]]
+        except KeyError:
+            # When we ask IdP to provide groups,
+            # we expect SAML response to include attribute with zero or more groups.
+            # However, IdP may omit the attr altogether instead of providing an empty attr.
+            # Therefore, treat missing groups as empty instead of an error.
+            pass
+
         if "FLAGS_BY_GROUP" in be_settings and "GROUP_ATTR" in be_settings:
             for flag, group_name in be_settings["FLAGS_BY_GROUP"].items():
                 if group_name in ident_groups: