I may be missing something but I haven't found a way to add the --ssl-ca
MySQL option to my database connection. It appears we just need to pass
in an $options param.

Fixed typos.

docs: Fix minor typo.

When unserializing the session fails, the handler should return null instead of false. Additionally, SimpleSAML_Session::load() should make sure that it got an instance of SimpleSAML_Session, to avoid any misbehaving handlers to generate an issue.

This resolves #616.

Remove duplicate config

Update composer.lock with vfsStream dev-dependency

I believe #592 broke unit tests by adding a dev-dependency to
`composer.json` but forgot to update `composer.lock`. Therefore,
`composer install` does not install all the necessary dependencies for
tests.

Added tests for SimpleSAML\Utils\XML

SimpleSAML_SessionHandler* classes refactorized to PSR-4

Extend theming documentation about resource referencing

docs: Improve raw simplesamlphp-modules.md

Added tests for SimpleSAML\Utils\Crypto

Fix link

Accessing a key in an array is not allowed when the array is not a variable but a value returned by a function.

This also required adding an additional argument to
SimpleSAML\Utils\Crypto::loadPrivateKey to ease in testing. Without
this additional argument, SimpleSAML_Configuration::getBaseDir eventually
gets called to determine the private key location.  This doesn't work
well with vfsstream. This argument shouldn't cause too much trouble, and
seems cohesive enough with the function's purpose.

The configuration of the MultiAuth authentication source specifies the auth sources that the user is presented with when asked for authentication. However, there was no proper check for the auth source selected by the user to ensure it is one of those allowed for MultiAuth.

The reason was the lack of conversion to integer for each character of the strings before applying the XOR operator to them. The operator returns always an empty string when applied to two characters, and applying a binary-wise OR between 0 and an empty string, yields 0. Therefore, $diff is always 0, and the function returns true for every two strings with same length, regardless of their contents.

Added tests for SimpleSAMLUtilsSystem

This reverts commit b1b0d0ef.

This reverts commit c441f9c9.

It looks like mb_substr() doesn’t cope well with NULL as the third parameter in PHP 5.3.

First, there’s no reason to obtain the logout URLs only when logout was initiated. If we get them always, we allow templates to do fancy things like using javascript to do everything on the fly, without going through the script, by dynamically loading the iframes.

Second, we should always check the associations against the ones registered in the session. That way, we can log SPs out individually, and if we refresh the page after that, they will still be marked as logged out.