In the LDAP class, the password should only be escaped if it's not null, so that we don't try to bind with an empty password if none was provided. This fixes #366 and closes #370.

The data store can be a custom class in a module. When we cannot load a class matching the 'store.type' configuration option we don't handle the exception, causing a fatal error. Use the new CriticalConfigurationError to fix that. This fixes #369.

Start using the new configuration exceptions, handling error situations that before led to blank pages or even worse.

Add a couple new exceptions, both to signal configuration issues. One can be used to signal an error in a certain configuration, leaving to the user deciding whether it was critical or not, and what to do to deal with it. The other one indicates a configuration exception that we cannot recover from (i.e. missing files), and bootstraps a minimal configuration skeleton that we can use to go on momentarily.

If $_SERVER does not contain the variables we need (i.e. when running tests) it makes no sense at all to try to guess the root URI, since there's no such a thing, probably.

Modify the core:AttributeMap authentication processing filter to allow fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation.

Fix build. It was broken due to a chicken & egg problem, with SimpleSAML_Configuration raising creating a new SimpleSAML_Error_Exception that tries to load the configuration.

If we are asked to load an unknown auth source, we should raise a SimpleSAML_Error_AuthSource exception.

When exceptions happen in the context of a SAML transaction, we don't need to log the sspmod_saml_Error exception itself, as that doesn't have any valuable information. We log the exception itself instead. Reword the previous message a bit, too.

- Exception messages and backtraces are now decoupled, so that they can be logged independently.
- Backtraces are now logged with "debug" log level, and only in case the "debug" configuration option is set.
- A new log() method allows the exception itself to decide which log level to use. This can be used by exceptions overriding this method to change the log level accordingly.
- Add a new parameter to the format() method so that the formatted message is anonymized, safe for display in the browser.

Additionally, this resolves #281.

Add a proper message to the SimpleSAML_Error_NotFound exception, instead of printing its parameters.

Resolve #359. The login button was disappearing in mobile devices. Reordered the form a bit too for those devices, so that the view is better.

Add Polish translation for multiauth module

Add a method to SimpleSAMLphp_SessionHandlerPHP to restore a session existing previously to our own session. This can be used in SimpleSAML_Session to restore the PHP session status previous to calling our API, while also guaranteeing that our session is correctly saved. The documentation has been updated to reflect this and recommend how to deal with conflicting PHP sessions. This closes #244 and resolves #349.

Bugfixes: the PHP session handler only fetches the cookie configuration parameters if session_id() returns a non-empty ID. This won't happen if the application initialized a session previously, hijacking the session and causing all kinds of trouble. Instead, we need to detect if there's an active session, save its parameters and close it. After closing it, we can name a new session and set the cookie parameters.

Bugfix: when using PHP sessions, if there's already a session, session_id() will return the identifier of that session, not our session. In that case, we need to make sure it is our session so that we don't hijack the one of the application.

Add attribute mappings for eduPersonOrcid

Migrate the logout handlers to namespaces, change the base abstract class to be an interface instead.

Migrate all the logging handlers to namespaces. Make SimpleSAML\Logger a bit more intelligent so that it allows using custom logging handlers. Now you just need to implement SimpleSAML\Logger\LogginghandlerInterface in a class, and set the 'logging.handler' option in the configuration file to a string with the full name of your class.