Satosa

- Make cookie parameters configurable
- Avoid setting duplicate set-cookie headers
- Complete the support for the mdui:UIInfo element
- satosa-saml-metadata: make signing optional
- metadata_creation: for SAML backend, use sp.config to render metadata
- tests: update markers of supported Python versions
- deps: move away from pkg_resources when deriving the package version at runtime

- FilterAttributeValues plugin: add new filter types shibmdscope_match_scope and shibmdscope_match_value; add tests
- FilterAttributeValues plugin: add example rules for saml-subject-id and saml-pairwise-id
- FilterAttributeValues plugin: add example rules enforcing controlled vocabulary for eduPersonAffiliation and eduPersonScopedAffiliation attributes
- DecideBackendByRequester plugin: add default_backend setting; add tests; minor fixes
- opend_connect backend: use PyoidcSettings class to configure pyoidc/oic based clients
- ping frontend: minor adjustments and fixes for interface compliance
- tests: update code to use matchers API to mock responses
- examples: improve configuration readability of the primary-identifier plugin
- examples: minor fixes and enhancements for ContactPerson examples for SAML backend and frontend

- attribute_authorization: new configuration options `force_attributes_presence_on_allow` and `force_attributes_presence_on_deny` to enforce attribute presence enforcement
- saml2 backend: new configuration option `acs_selection_strategy` to support different ways of selecting an ACS URL
- saml2 backend: new configuration option `is_passive` to set whether the discovery service is allowed to visibly interact with the user agent.
- orcid backend: make the name claim optional
- apple backend: retrieve the name of user when available.
- openid_connect frontend: new configuration option `sub_mirror_subject` the set sub to mirror the subject identifier as received in the backend.
- openid_connect frontend: check for empty `db_uri` before using it with a storage backend
- attribute_generation: try to render mustach tempate only on string values
- logging: move cookie state log to the debug level
- chore: fix non-formatting flake8 changes
- tests: remove dependency on actual MongoDB instance
- build: update links for the Docker image on Docker Hub
- docs: properly document the `name_id_format` and `name_id_policy_format` options
- docs attribute_generation: correct example configuration
- docs: fix mailing list link.
- docs: fix typos and grammar

- OIDC frontend: Set minimum pyop version to v3.4.0 to ensure the needed methods are available
- docs: Fix orcid mapping in example internal_attributes

- OIDC frontend: support stateless code flow
- OIDC frontend: support Redis and session expiration
- orcid backend: allow family-name to be optional
- docs: add references to external contributions
- docs: update structure

- Reinitialize state if error occurs while loading state
- VirtualCoFrontend: Expose metadata endpoint and fix duplicate entity ids with multiple backends
- saml-backend: Allow request micro-services to affect the authn-context-class-ref
- saml-backend: Keep the last authority from the authenticating authority list
- minor fixes to the Apple and GitHub backends
- micro_services: example config for attribute_policy
- deps: bump minimum pyop version to 3.3.1
- docs: fixes for example files and config options