SHA-1 is still supported but needs to be configured explicitly if you need it.

This commit addresses Issue 268 and makes the negotiate module a bit more configurable, like the ldap-module it's leaning on..

to a default value and then executing a test to change it.

Added some very basic tests for the AttributeAlter module.

Fixed a bug in how %replace is handled when 'target' is specified to avoid multiple attribute values
instead of replacing the attribute value.

Update jQuery version to the latest 1.8.x. Make those templates specifying a version to stop doing it. This resolves #24, at least for some time.

Refactor SimpleSAML\Utils\Arrays::normalizeAttributesArray() to SimpleSAML\Utils\Attributes::normalizeAttributesArray().

Duplicate the $state['SimpleSAML_Auth_Default.*'] entries to $state['SimpleSAML_Auth_Source.*'] where needed, while we are transitioning to 2.0. Leave those that will be removed in SimpleSAML_Auth_Default. Move the rest of the code to the new entries in the state array.

Revert the new configuration option for the core:PHP authproc. Since we need to serialize authprocs and SP metadata in the state array, and closures are not serializable, it doesn't work. We could create a new module with this, adding a dependency on opis/closure 2.0.* or equivalent, to be able to serialize closures.

When building an assertion, the current time should be obtained once, used many, instead of being obtained every time we are using it (that could lead to clock discrepancies between several timestamps in the same assertion). Additionally, if authentication happened in the past (that is, we got a request that is not the one that triggered authentication, and this is pure SSO), we should calculate the value for SessionNotOnOrAfter relative to the start of the session, not the current time. This resolves #244.

Refactor SimpleSAML_Auth_State::extractPersistentAuthState() to getPersistentAuthData() to avoid confusions around the behaviour of this method.

The state array should not be modified after extracting (getting) the persistent authentication data. This resolves #247.

Provide config options to allow SQLPersistentNameID to be less conservative about creating entries in the SQL datastore, whilst preserving default behaviour

Deprecate SimpleSAML_Default::initLogin() and move it to SimpleSAML_Auth_Source as a non-static method.

Move SimpleSAML_Auth_Default::handleUnsolicitedAuth() to sspmod_saml_Auth_Source_SP::handleUnsolicitedAuth() and deprecate the former.

Move SimpleSAML_Auth_Default::extractPersistentAuthState() to SimpleSAML_Auth_State::extractPersistentAuthState() and deprecate the former.