Django-auth-adfs

**Added**

* Added views to selectively disable SSO for login links

**Fixed**

* Existing users with an empty password raised an exception

**Added**

* Add a setting to force a login screen and disable SSO on ADFS.
* Documentation about how to enable SSO for other browsers than IE & Edge.

**Fixed**

* Prevent username field from being overwritten by a claim mapping.
* Prevent traceback upon logout when ADFS config is not yet loaded.
* Fix fields in log messages being swapped.

**Security**

* Don't allow the audience claim to be ignored. Preventing access token reuse.
* Set an unusable password on newly created user instead of leaving it empty.

**This version contains backwards incompatible changes. Make sure to read the entire release notes**

**Added**

* Windows 2016 (a.k.a. ADFS 4.0) Support
* AzureAD support (check the setting ``TENANT_ID``)
* Django Rest Framework support.
* Add a ``RETRIES`` and ``TIMEOUT`` setting for requests towards the ADFS server.
* Add the ``CLIENT_SECRET`` setting to support client secrets in the OAuth2 Flow.
* Users are now redirected back to the page that triggered the login instead of the main page.
* Groups a user belongs to can now be automatically created in Django (check the ``MIRROR_GROUPS`` setting)

**Changed**

* Django 2.1 support
* All settings that can be determined automatically are now set automatically
* When a claim mapped to a non-required field in the user model is missing,
a warning is logged instead of an exception raised

**Incompatible changes**

* Because of the login and logout views that were added, the redirect URI back from ADFS should
now point to ``/oauth2/callback``. Keeping it at ``/oauth2/login`` would have caused a potential redirect loop.

**Deprecated**

* these settings are now loaded from ADFS metadata automatically and have been deprecated:

* ``AUTHORIZE_PATH``
* ``LOGIN_REDIRECT_URL``
* ``ISSUER``
* ``REDIR_URI``
* ``SIGNING_CERT``
* ``TOKEN_PATH``