* Migrate metadata-extensions to new interface

* Bump saml2-library

* Migrate md:Organization to new interface

* Bump saml2 library

* Drop hint.cidr functionality; use mdui:DiscoHints/IPHint instead

* Migrate md:KeyDescriptor to new interface

* Bump saml2 library

* Migrate ds-elements to new interface from xml-security lib

* Migrate md:ContactPerson to new interface

* Fix hosted SP metadata generation

* Fix codesniffer issues

* Bump saml2-lib

* Migrate md:NameIDFormat to new interface

* Migrate (indexed) endpoints to new interface

* Fix for NameIDFormat

* Fix minor bugs

* Fix long lines

* Fix array key initializatino

* Only add isRequired attribute when it's true

* Update composer-file

* Remove unnecessary test; the saml2-lib ensures a specs-compliant representation of an AttributeConsumerService-element

* Fix annotation

* Migrate HTTP::redirect

* Migrate HTTP::redirectTrustedURL

* Migrate HTTP::redirectUntrustedURL

* Migrate HTTP::submitPOSTData

* Temporarily revert to make phpunit work

* Migrate logout handlers

* Remove unnecessary assertion & simplify logics

* Remove unnecessary assertion & add new one to check response type

* Remove unnecessary assertion & rationalize code

* Migrate IdPDisco

* Migrate ProcessingChain

* Fix return-type & drop unnecessary use-statement

* Address review comments

* Do not add caching headers at all

* Fix type-confusions

* Migrate saml2 bindings

* Migrate completeAuth

* Migrate handleLogout

* Migrate some more

* Migrate a whole lot more (messy)

* Migrate logout

* Migrate a whole lot more (also messy)

* Many fixes

* Raise coverage

* Psalm: Ignore exteranl adfs-module

* Replace use of _GET globals

* Migrate bindings (send)

* Migrate bindings (receive)

* Fix psalm-dev

* Fix assertion

* s/subclassOf/isInstanceOf

* Fix type-confusion in logout handlers

* Update container

* Bump saml2 + adfs

* Rename namespace

This does it in one place and avoids this module/template-specific thing
from ending up in the PHP metadata array for the entity.

This was a mixture of legacy supported options, some of them
deprecated, and data types, and also implemented differently
in some places than others.

This changes it once more but hopefully for the better:
* The value is always an array or null/unset.
* You can set it to a specific array to get a specific policy.
* You can leave it unset/null to keep the default policy.
* You can set it to the empty array to signal that you do not
want any policy to be sent.
* The string and bool types are no longer allowed.

All in all this means that we can make code much simpler, a lot
less if-branching, and also typewise make use of correct typehints.

The behaviour changes are as follows:
- We drop the already deprecated option to set it as a string
  (deprecated in 1.17).
- To not send the element you need to change false to [];
  this was not deprecated before but I believe setting it to
  false was already broken in master.

Forward port of @tauceti2 patch in simplesamlphp/simplesamlphp#833
to apply cleanly against simplesamlphp-2.0.0-rc2

* entityID change affects saml:SP too

* Generate exception for example entityID (SP)

* Make entityId consistent with examples

* Generate exception for example entityID (IdP)

* Add some use-statements

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

But implement it in a way that still does not require any legacy
www scripts.

But implement it in a way that still does not require any legacy
www scripts.

Partially reverts b7c2caad
and fc1ffee7

Closes: #1660

Make sure the `saml:IDPList` and `IDPList` parameters are not overloaded. From now on, saml:IDPList is being used when SSP is used as a proxy while the IDPList parameter is used when SSP is used as in SP-mode and you want to apply scoping to your AuthnRequest.

See https://github.com/simplesamlphp/simplesamlphp/pull/1563 for the full explanation of the changes.

Add some controllers + tests