The SAML2 IdP should keep the RequestedAuthnContext in the state array, so that authentication sources (or processing filters) can use that information during authentication.

Due to recent changes in the SAML2 library, when an attribute has a value that contains XML, its contents are returned as a DOMNodeList instead of a string. This causes problems when running as a proxy, since the SAML2 IdP will obtain attributes in a format that cannot be cast to string. Regardless of the attribute encoding configured in the IdP for a remote SP, we should handle those cases gracefully, so that the IdP don't end up in an uncaught exception.

Now we are finally using the 2.x branch of the SAML2 library, which was also migrated to use namespaces. Even though the library provides an autoloader that allows loading the classes with the old names using class aliasing, we need to do the migration in one commit (at least for most part of it). This is due to the way SimpleSAMLphp checks data types, using inheritance to check objects agains abstract or more general classes. Even though class aliasing works, there's no way to replicate those relationships, and type checks that use the old class names will fail because the aliases are virtually new classes that don't inherit from others.

When exceptions happen in the context of a SAML transaction, we don't need to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.

(being respectful with occurences that might change the behaviour, i.e. default database prefixes)

When building an assertion, the current time should be obtained once, used many, instead of being obtained every time we are using it (that could lead to clock discrepancies between several timestamps in the same assertion). Additionally, if authentication happened in the past (that is, we got a request that is not the one that triggered authentication, and this is pure SSO), we should calculate the value for SessionNotOnOrAfter relative to the start of the session, not the current time. This resolves #244.

Move SimpleSAML_Utilities:: checkCookie() to SimpleSAML\Utils\HTTP::checkSessionCookie() and deprecate the former.

Move SimpleSAML_Utilities::selfURLNoQuery() to SimpleSAML\Utils\HTTP::getSelfURLNoQuery() and deprecate the former.

Move SimpleSAML_Utilities::selfURL() to SimpleSAML\Utils\HTTP::getSelfURL() and deprecate the former.

Move SimpleSAML_Utilities::addURLparameter() to SimpleSAML\Utils\HTTP::addURLParameters() and deprecate the former.

Move SimpleSAML_Utilities::getSecretSalt() to SimpleSAML_Utils_Config::getSecretSalt(). Deprecate the former and stop using it.

Move SimpleSAML_Utilities::generateID() to SimpleSAML_Utils_Random::generateID(). Deprecate the former and schedule it for removal in 2.0.

Add statistics data to saml:idp:Response and saml:idp:Response:error
with the total time since we began processing the authentication
request.

This change makes it easier to add elements to the statistics data
logged when the IdP sends an authentication response.

Rename SimpleSAML_Session::getInstance() to SimpleSAML_Session::getSessionFromRequest(), and leave the former as deprecated.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3349 44740490-163a-0410-bde0-09ae8108e29a

Take into account the NameIDFormat specified in idp-hosted metadata when no such option is configured for an SP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3312 44740490-163a-0410-bde0-09ae8108e29a

Split binding prioritizing out of getDefaultEndpoint to a new getEndpointPrioritizedByBinding function.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3303 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3301 44740490-163a-0410-bde0-09ae8108e29a

Complete bugfix for issue #561. HTTP-Post supported for SLO not initiated by the SP. Working for both traditional logout and iframe version.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3262 44740490-163a-0410-bde0-09ae8108e29a

This reverts commit 391145ae84d5aa4150ff5747a304d0af2aeb161f.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3261 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3259 44740490-163a-0410-bde0-09ae8108e29a

Full support for HTTP-POST binding in WebSSO profile. Two new directives in hosted metadata (SingleSignOnServiceBinding and SingleLogoutServiceBinding) to control the bindings published as supported in the metadata.

Bugfix in the logout handler (SOAP binding should be reused when responding a request).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3257 44740490-163a-0410-bde0-09ae8108e29a

This function should not return NULL, but did so due to a missing
return statement. This patch adds that return statement, and fixes
the documentation for the function.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3206 44740490-163a-0410-bde0-09ae8108e29a

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3137 44740490-163a-0410-bde0-09ae8108e29a

For consistency with other IdP events.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3068 44740490-163a-0410-bde0-09ae8108e29a

This patch adds support for the holder-of-key profile for both the
SAML 2.0 SP and the SAML 2.0 IdP.

Thanks to Andreas Mayer for implementing this!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3061 44740490-163a-0410-bde0-09ae8108e29a