Be graceful with the 'baseurlpath' configuration option. We should not fail when the trailing slash is missing, just add it.

Fix another issue with URLs not being validated before displaying them into a page. Reported by John Page (hyp3rlinx).

Fix an issue with some PHP environments (mostly related to FastCGI or php-fpm, common with nginx) where $_SERVER['SCRIPT_NAME'] is already populated with $_SERVER['PATH_INFO'] appended to it. In those cases, we should not blindly append PATH_INFO to SCRIPT_NAME, but check the latter first. This hopefully resolves #5 and closes #391.

Use LONGTEXT instead of the TEXT data type in MySQL to avoid size constraints in the latter. This resolves #399.

If we have an exception registered in the state array while authenticating, we should throw that exception instead of just printing it as plain text and exit. This resolves #401.

Allow regular expression matching of trusted.url.domains.

Fixes #379

Verify that the URL passed as a parameter in the no cookie error page is allowed. Reported by John Page (hyp3rlinx).

Fix an issue with the SimpleSAML\Logger class that was still trying to fetch the track ID from the session when running from the command line, where there's obviously no session at all.

General improvements of MemcacheMonitor module

Sometimes appear in error logs as:

PHP Notice:  Undefined index: ReturnTo in .../modules/core/www/as_login.php on line 9
PHP Notice:  Undefined index: AuthId in .../modules/core/www/as_login.php on line 13

Added missing definitions

Fix missing type attribute to comply with W3c XHTML 1.0 Transitional

In the LDAP class, the password should only be escaped if it's not null, so that we don't try to bind with an empty password if none was provided. This fixes #366 and closes #370.

The data store can be a custom class in a module. When we cannot load a class matching the 'store.type' configuration option we don't handle the exception, causing a fatal error. Use the new CriticalConfigurationError to fix that. This fixes #369.

Start using the new configuration exceptions, handling error situations that before led to blank pages or even worse.

Add a couple new exceptions, both to signal configuration issues. One can be used to signal an error in a certain configuration, leaving to the user deciding whether it was critical or not, and what to do to deal with it. The other one indicates a configuration exception that we cannot recover from (i.e. missing files), and bootstraps a minimal configuration skeleton that we can use to go on momentarily.

If $_SERVER does not contain the variables we need (i.e. when running tests) it makes no sense at all to try to guess the root URI, since there's no such a thing, probably.

Modify the core:AttributeMap authentication processing filter to allow fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation.

Fix build. It was broken due to a chicken & egg problem, with SimpleSAML_Configuration raising creating a new SimpleSAML_Error_Exception that tries to load the configuration.

If we are asked to load an unknown auth source, we should raise a SimpleSAML_Error_AuthSource exception.

When exceptions happen in the context of a SAML transaction, we don't need to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.

- Exception messages and backtraces are now decoupled, so that they can be logged independently.
- Backtraces are now logged with "debug" log level, and only in case the "debug" configuration option is set.
- A new log() method allows the exception itself to decide which log level to use. This can be used by exceptions overriding this method to change the log level accordingly.
- Add a new parameter to the format() method so that the formatted message is anonymized, safe for display in the browser.

Additionally, this resolves #281.

Add a proper message to the SimpleSAML_Error_NotFound exception, instead of printing its parameters.