Satosa

- ldap_attribute_store plugin: Add configuration option `use_all_results` to
specify whether all LDAP results should be processed.
- ldap_attribute_store plugin: Add configuration option `provider_attribute` to
define the extracted attribute (ie, domain) that will be used to select the LDAP
configuration.
- ldap_attribute_store plugin: Add configuration option search_filter to define
complex LDAP queries, when the default search based on an identifier is not
good enough.
- ldap_attribute_store plugin: Add configuration option pool_lifetime. The LDAP
Server may abandon connections after some time without notifying the client.
The new option allows to set the maximum pool lifetime, so that connections
close on the client side.

- openid connect backend: Add OAuth2/OIDC backend based on idpy-oidc (new extra requirement `idpy_oidc_backend` to pull the library dependecy)
- apple backend: Rework the Apple backend to be based on the generic OpenIDConnectBackend and fix the userinfo loading
- Restructure fatal error messages to redirect to generic error page when an errors occur
- Allow multiple values for the "resource" query param
- Fix checks for missing state from cookie and missing relay state
- Allow loading of tuples from YAML configs
- docs: minor fixes

- Make cookie parameters configurable
- Avoid setting duplicate set-cookie headers
- Complete the support for the mdui:UIInfo element
- satosa-saml-metadata: make signing optional
- metadata_creation: for SAML backend, use sp.config to render metadata
- tests: update markers of supported Python versions
- deps: move away from pkg_resources when deriving the package version at runtime

- FilterAttributeValues plugin: add new filter types shibmdscope_match_scope and shibmdscope_match_value; add tests
- FilterAttributeValues plugin: add example rules for saml-subject-id and saml-pairwise-id
- FilterAttributeValues plugin: add example rules enforcing controlled vocabulary for eduPersonAffiliation and eduPersonScopedAffiliation attributes
- DecideBackendByRequester plugin: add default_backend setting; add tests; minor fixes
- opend_connect backend: use PyoidcSettings class to configure pyoidc/oic based clients
- ping frontend: minor adjustments and fixes for interface compliance
- tests: update code to use matchers API to mock responses
- examples: improve configuration readability of the primary-identifier plugin
- examples: minor fixes and enhancements for ContactPerson examples for SAML backend and frontend

- attribute_authorization: new configuration options `force_attributes_presence_on_allow` and `force_attributes_presence_on_deny` to enforce attribute presence enforcement
- saml2 backend: new configuration option `acs_selection_strategy` to support different ways of selecting an ACS URL
- saml2 backend: new configuration option `is_passive` to set whether the discovery service is allowed to visibly interact with the user agent.
- orcid backend: make the name claim optional
- apple backend: retrieve the name of user when available.
- openid_connect frontend: new configuration option `sub_mirror_subject` the set sub to mirror the subject identifier as received in the backend.
- openid_connect frontend: check for empty `db_uri` before using it with a storage backend
- attribute_generation: try to render mustach tempate only on string values
- logging: move cookie state log to the debug level
- chore: fix non-formatting flake8 changes
- tests: remove dependency on actual MongoDB instance
- build: update links for the Docker image on Docker Hub
- docs: properly document the `name_id_format` and `name_id_policy_format` options
- docs attribute_generation: correct example configuration
- docs: fix mailing list link.
- docs: fix typos and grammar

- OIDC frontend: Set minimum pyop version to v3.4.0 to ensure the needed methods are available
- docs: Fix orcid mapping in example internal_attributes