Deprecate the 'userid.attribute' option. We should define specific options for each module using it, in order to avoid confussions.

Bugfix: if there's no session, getCookieSessionId() cannot return a session identifier, therefore there's no session we can return. This resolves #256.

Fixed to follow PSR-2 coding guidelines, proper indentation and a minor fix in equality operand (== vs ===)

The `makeException` function returns an instantiated object, so the
caller shouldn't also call `new`.

SimpleSAML\Utils\Attributes::getExpectedAttribute(): Check if the attribute has any values, and raise an exception if not.

Refactor SimpleSAML\Utils\Arrays::normalizeAttributesArray() to SimpleSAML\Utils\Attributes::normalizeAttributesArray().

Duplicate the $state['SimpleSAML_Auth_Default.*'] entries to $state['SimpleSAML_Auth_Source.*'] where needed, while we are transitioning to 2.0. Leave those that will be removed in SimpleSAML_Auth_Default. Move the rest of the code to the new entries in the state array.

Take back the migration of SimpleSAML_Auth_Default::initLogout(), initLogoutReturn() and logoutCompleted(), as they are not used anywhere. We'll just deprecate them and remove them in 2.0 then.

Throw an exception in SimpleSAML_Auth_Simple when the auth source cannot be found. This avoids trying to access a method in an object that's actually null.

Move SimpleSAML_Auth_Default::initLogoutReturn() to SimpleSAML_Auth_Source and deprecate the former.

Throw an exception instead of doing nothing if the auth source specified is invalid. This mimics the old behaviour.

Add a check in case the authentication authority specified in SimpleSAML_Auth_Default::initLogin() is not valid.

Reimplement the old SimpleSAML_Auth_Default::loginCompleted() as a wrapper of the refactored method in SimpleSAML_Auth_Source, now that the latter is public again.

SimpleSAML_Auth_Source::loginCompleted() needs to be declared public, as it is used as a callback from outside the class.

Deprecate SimpleSAML_Default::logoutCallback() and move it to SimpleSAML_Auth_Source. This also resolves an issue with this callback not being called, since SimpleSAML_Auth_Source::initLogin() was expecting the method to be inside that class.

Refactor SimpleSAML_Auth_State::extractPersistentAuthState() to getPersistentAuthData() to avoid confusions around the behaviour of this method.

The state array should not be modified after extracting (getting) the persistent authentication data. This resolves #247.

Deprecate SimpleSAML_Default::initLogin() and move it to SimpleSAML_Auth_Source as a non-static method.

Move SimpleSAML_Auth_Default::handleUnsolicitedAuth() to sspmod_saml_Auth_Source_SP::handleUnsolicitedAuth() and deprecate the former.

Move SimpleSAML_Auth_Default::extractPersistentAuthState() to SimpleSAML_Auth_State::extractPersistentAuthState() and deprecate the former.

(as suggested by jhaar in issue #120 and used by us)