(cherry picked from commit 8a68ea27)

(cherry picked from commit e5669a0e)

Closes:  #1659

This auth source no longer supports SAML 1.1 so the ACS code was keeping
track of protocol support with only SAML 2.0 as an option to be added.
Therefore, simplify and set this globally in the class. Keep the outside
interface for now the same where getSupportedProtocols returns as list
of the supported protocol.

Note: if you specify AssertionConsumerService in your config you are
responsible for it having actually bindings that we support. This has
always been the case. This PR makes no attempt to change it (the
specified URLs can even be outside of SSP).

Unify Organization* documentation since the SAML spec (and SSP) requires either all to be specified or none.

Since the functional description is that it would fill OrganizationURL,
for which a config option already exists, there's no use to make it
work, rather just simplify and drop the docs.

The old privatekey_pass was (wrongly) expected to be reused for the new
privatekey_pass. That prevented my SP from loading the new_privatekey.
Users could not log in from entities using the new key.

Clarify that the new key needs a new_privatekey_pass entry.

Closes: #1430

* Configurable ProviderName

Co-authored-by: Tim van Dijen <tvdijen@gmail.com>

Closes #1346

* Remove deprecated classes

* Remove support for certificate fingerprints

* Remove many deprecated methods and pieces of code

* Remove SAML1.1/Shib1.3 support

* Remove many superfluous annotations

* Update unit test to work with new PHPunit

Closes #1268 
Closes #1020 
Closes #431 
Closes #167 
Closes #151 

add store option to SQLPersistentNameID

This commit adds the ability to override the defaults in the generated SP metadata for SLO Location and ACS endpoints. This is necessary for my use case as I have additional ACS endpoints to publish in my metadata beyond the generated ones as well as a custom SLO handler that I need to direct my users to. If unset in the config, it uses the defaults as before.

Change documentation from recommending 2048 bit keys to using 3072 bit
keys.

Given that we're recommending people generate ten-year keys, 2048 bit
keys are probably a bit short. Almost all commercial certificate
authorities now recommend 4096 bit keys, and eduGAIN requires 3072 bit
keys for new federations.

This change aligns the SimpleSAMLphp documentation with the lower
eduGAIN requirement, since that still meets most standards bodies
recommendations for 2028 (ten years from now). cf
https://www.keylength.com/

SHA-1 is still supported but needs to be configured explicitly if you need it.

It can now be used with \SimpleSAML\Auth\Simple, although the old name still works too.

Added configuration support for index and isDefault on the generated md:AttributeConsumingService element

Added two metadata configuration options attributes.index and attributes.isDefault to the Service Provider section that outputs to the md:AttributeConsumingService element.
attributes.index overrides the index attribute value with another integer value specified.
attributes.isDefault adds the isDefault attribute with the given boolean value, if the configuration option is specified.