For #455

`noop()` is a method on the template after all.

This makes instanciating the Translate/Template-class unnecessary.

For #455

For #455

For #455. Note that if translation tags were domain-free strings, the
mapping from tab to tabtitle would be redundant. It would still be
necessary to mark the strings as noop however.

For #454, #455

For #455

Deprecate the certFingerprint option.

There was a typo in the name of the class, where the module was referenced as "smartattribute" instead of "smartattributes".

This is needed for the autoloader to work, or code calling class_implements(), among others.

Added checks for Date/Time, JSON, cURL and Session.

For: #454

For: #454

Even though the default "exact" is used by most people, and few products support anything else, there's people asking for this.

Since we have updated the version of the SAML2 library in use, we should use SAML2\Constants now.

Instead of keeping SAML-specific error exceptions in lib/SimpleSAML/Error, it makes more sense to have those in the saml module. Now that we have the recent NoAvailableIDP and NoSupportedIDP errors moved there, it's time to change the code implemented recently that uses them.

This makes it easier to identify error conditions and return errors to an SP. More known errors should also be added here.

The SAML2 IdP should keep the RequestedAuthnContext in the state array, so that authentication sources (or processing filters) can use that information during authentication.

Removed html extension in Twig files

This is due to the update of the SAML2 library, that caused several other bugs, mainly with attributes like eduPersonTargetedID, which should always be an SAML NameID.

It is possible that the current script ($_SERVER['SCRIPT_FILENAME']) is inside SimpleSAMLphp's 'www' directory. However, even if that's the case, we should not enforce our base URL (as set in the 'baseurlpath' configuration option) if the request URI ($_SERVER['REQUEST_URI']) does not contain the relative path to the script. This is the case of AuthMemCookie, for example, where accessing a random URL protected by Apache, leads to the execution of a SimpleSAMLphp script, where SimpleSAML\Utils\HTTP::getSelfURL() must not try to be smart when guessing the current URL.

We don't use the MySQL extension directly, but PDO instead. We should therefore check for the PDO extension.

This resolves #448.

This reverts commit ce040885.

It is possible that the current script ($_SERVER['SCRIPT_FILENAME']) is inside SimpleSAMLphp's 'www' directory. However, even if that's the case, we should not enforce our base URL (as set in the 'baseurlpath' configuration option) if the request URI ($_SERVER['REQUEST_URI']) does not contain the relative path to the script. This is the case of AuthMemCookie, for example, where accessing a random URL protected by Apache, leads to the execution of a SimpleSAMLphp script, where SimpleSAML\Utils\HTTP::getSelfURL() must not try to be smart when guessing the current URL.

Update module docs

Remove inline style sheet

- Bugfix: the modules/saml/www/proxy/invalid_session.php shouldn't call directly the error handler in sspmod_saml_IdP_SAML2. Instead, it should use the SimpleSAML_Auth_State::throwException() method to let it handle the exception appropriately (in this case, it should always return back to the requester).
- The standard specifies that a "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP" or "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP" second-level status code should be returned to the requester in case an error occurs. Add a couple of exceptions to represent both statuses, and use them to set the right status code in the response.
- We shouldn't ask the user to logout in case the IDPList does not offer an IdP we recognize, or in case the proxy enforces the use of an IdP ('idp' configuration option in the auth source) and such IdP is in the IDPList.
- Similarly, these two cases should also handled in case we are authenticating for the first time, not only when reauthenticating.