SamlIDP v1

[jphenow]

In PR #224: the gem previously auto-rendered head :forbidden when SAML request validation failed, but now exposes errors via request.errors and requires applications to handle the rendering themselves.

From the PR comments:

# Old behavior (automatic):
head :forbidden if defined?(::Rails)

# New behavior (manual):
return true if valid_saml_request?

Application must now check request.errors and handle accordingly

This breaks existing applications that relied on automatic error responses.

@Zogoo: "This was not UX friendly option that rendered a black screen from the gem. We should leave this decision to the application side."

Other significant changes:

• PR Alternative to support multiple x509 Certificates via procs #211: Config values (x509_certificate, secret_key, password) can now be procs, not just strings
• PR [improvements] Return error to application and support SLO request validation #224: Adds unspecified_certificate support and SLO validation
  Various signature validation improvements

Per semantic versioning, API changes that break existing implementations require a major version bump.

[Zogoo]

@jphenow nice to see you again. If you are on v1, I will try my be more active from now.
Regarding the issue, I can bring back the previous head :forbidden with optional config if you think that's better than bumping the version.