Django-digid-eherkenning

===================

Release to tweak the SAML metadata generation.

The changes in 0.18.0 were not sufficient - eHerkenning brokers & DigiD metadata
consumers reported back that they don't want to see the current certificate in the
metadata because it will soon expire. Now we include the next certificate if one is
available, and otherwise use the current certificate, meaning there will only ever be
one certificate in the metadata. This is consistent with the service catalog change in
0.20.0.

===================

**💥⚠️ Breaking changes**

* Data migrations were removed. If you still need them make sure you upgrade to v0.19
first.

**Other changes**

* Squashed the migrations - new installs now use optimized migrations.
* Fixed running ``tox`` locally.
* eHerkenning service catalog generation now takes the next certificate into account if
one is available.
* Pinned the support ``xmlsec`` version to 1.3.14 due to build errors in combination
with ``lxml``. We expect this to be resolved upstream soon-ish.

===================

Very small patch release.

* The default value for DIGID_MOCK_IDP_VALIDATE_CALLBACK_URLS is no longer equal to
settings.DEBUG but to its inverse.

===================

Small patch release.

* Fixed new-migration check because of outdated help text.
* Added the option to validate redirect URIs in the DigiD mock, mostly to avoid
unproductive discussions with auditors.

===================

Added some additional eHerkenning/eIDAS metadata fields.

* Added fields for administrative contact person details.
* Added a field for a separate eIDAS service description.

===================

Metadata-generation tweaks.

It was reported to Open Formulieren that the generated (eHerkenning) metadata is not
according to spec. This has been resolved in this release. No runtime authentication
behaviour should be changed.

* Updated the XSD for service catalog to v1.24.
* Removed the default requested attributes from eHerkenning config model.
* eHerkenning metadata tests now perform SAML v2.0 XSD validation.
* Removed the forbidden NameIDFormat element from the eHerkenning metadata.
* If both eHerkenning and eIDAS assertion consumer services are included, the
eHerkenning service is marked as default.
* Removed the SHA1 signing/digest algorithms from the available options for eHerkenning.
* Removed the ``use`` attribute from the key descriptors in the eHerkenning metadata,
marking each key as used for both encryption and signing.