Issue a notice when the option is used nonetheless.

Closes: #432

If we want to access the sandbox, we can do that from admin/ or type the URL directly.

The saml:FilterScopes filter was removing values that did not contain a scope. It shouldn't.

The new saml:FilterScopes allows a SAML Service Provider to remove the values from a scoped attribute whose scope is not declared in the IdP metadata and/or does not match with the domain in use by the IdP itself.

This closes #22.

Use the recently added SimpleSAML_Configuration::getBasePath() instead. It guarantees the path prepended with a slash, so no need to do that every time when calling the method. As a side effect, we get rid of buggy invocations (calling getBaseUrl() instead of getBaseURL()), and also of old-style convention for the 'baseurlpath' configuration option, allowing a star at the beginning.

Now we are finally using the 2.x branch of the SAML2 library, which was also migrated to use namespaces. Even though the library provides an autoloader that allows loading the classes with the old names using class aliasing, we need to do the migration in one commit (at least for most part of it). This is due to the way SimpleSAMLphp checks data types, using inheritance to check objects agains abstract or more general classes. Even though class aliasing works, there's no way to replicate those relationships, and type checks that use the old class names will fail because the aliases are virtually new classes that don't inherit from others.

This is related to PR #313. The option was in use but not documented.

Add a configuration option named 'admin.checkforupdates' to enable or disable this feature.

We shouldn't wait for long when connecting to github's API to check for the latest release. Set a timeout of a couple of seconds. Also, remove commented debugging code.

Now that we have all our releases in github, we can use its API to see of the latest stable release there is newer than the version we are running. In that case, we show a warning in the configuration tab.

Both have been migrated to use namespaces.

Improve the comment around error=user_denied

rather than the discontinued OAuth WRAP. Attributes are now retrieved
from the Microsoft Graph API rather than the Messenger API.

This makes the filter a little more useful for people who want to generate default values from another attribute only if none alreay exist.

Change the extension of the documentation files from .txt to .md so that they can processed as markdown and displayed in github.

If we have an exception registered in the state array while authenticating, we should throw that exception instead of just printing it as plain text and exit. This resolves #401.

Verify that the URL passed as a parameter in the no cookie error page is allowed. Reported by John Page (hyp3rlinx).

Sometimes appear in error logs as:

PHP Notice:  Undefined index: ReturnTo in .../modules/core/www/as_login.php on line 9
PHP Notice:  Undefined index: AuthId in .../modules/core/www/as_login.php on line 13

Added missing definitions

Fix missing type attribute to comply with W3c XHTML 1.0 Transitional

Modify the core:AttributeMap authentication processing filter to allow fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation.

When exceptions happen in the context of a SAML transaction, we don't need to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.

Resolve #359. The login button was disappearing in mobile devices. Reordered the form a bit too for those devices, so that the view is better.

Creating a session doesn't seem the way to NOT create a session. Stop creating a transient session, it only causes trouble.

This is related to #346, and closes #347. It enables richer NameIDPolicy configuration, allowing to set not only the format, but also the value for "AllowCreate".