This is supposed to provide better support for OAuth 1.0 Revision A.

Raise exception when memcache-server is down

adds `flatten()` method to put also the nested elements in $userdata …

Fixed typo in core:TargetedID AuthProc filter

The exception was never raised because $stats will be array(false) on failure instead of just false.

Add ability to define additional attributes on ContactPerson element

adds `flatten()` method to put also the nested elements in $userdata (e.g. location) which are retrieved from linkedIn into the resulting attributes array

If a standard port is specified, then ignore it. Otherwise, include the port in the check so that non-standard ports must be whitelisted explicitly.

Formatting, namespaces, phpdoc.

This enables too the implementation of additional contact attributes, as requested in #509 to support the SIRTFI framework.

This resolves #476.

Make provision for a "South Africa" tab

Allow the language cookie to be secured

Fix typo

Minor format and exception message fixes, plus add information about the different communication channels we have today.

cf. 36051879

bugfix: Make sure a persistent NameID is not generated by default when the UserID is missing in the state array.

This allowed misconfigured IdPs (i.e. those without both a PersistenNameID authproc filter, a “userid.attribute” configuration option and no “eduPersonPrincipalName” attribute available after running all the authentication processing filters) to generate a persistent NameID based on “null”, effectively giving all users the same identifier.

bugfix: When obtaining a UserID for the state array prior to running authproc filters, if the source attribute had multiple values a warning was logged but the UserID was still recorded.

- Variables possibly undefined when first used.
- Usage of XMLSecurityKey class without proper namespace.

This resolves #530. There are two problems here:

- When only one SubjectConfirmation is received and it is empty, an error should be thrown. However, the error would be a not very descriptive message warning about access to a non-property in a null object. Something more descriptive should be in place.
- Additionally, in PHP 7.0 this is an error and not an exception, and then the code continues to execute, effectively allowing assertions without a proper SubjectConfirmation element. This is wrong according to the standard.