• Support rejecting unsolicited SAMLResponses.
• Support stric destination matching.
• Reject SAMLResponse if requestID was provided to the validotr but the InResponseTo attributeof the SAMLResponse is missing
• Check destination against the getSelfURLNoQuery as well on LogoutRequest and LogoutResponse as we do on Response
• Improve getSelfRoutedURLNoQuery method
• Only add responseUrl to the settings if ResponseLocation present in the IdPMetadataParser
• Remove use of $_GET on static method validateBinarySign
• Fix error message when Assertion and NameId are both encrypted (not supported)