@mend-for-github-com mend-for-github-com bot commented May 17, 2023

This PR contains the following updates:

Package | Change
com.onelogin:java-saml | 2.5.0 -> 2.9.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

onelogin/java-saml (com.onelogin:java-saml)

v2.9.0: OneLogin's SAML Java Toolkit v2.9.0

  • #​352 Add factories as an extension mechanism for Auth
  • #​367 Improve SP contacts
  • #​370 Update parseXML to use XMLErrorAccumulatorHandler
  • #​376 docs: update dependency version used in README and add TOC

Full Changelog: SAML-Toolkits/java-saml@v2.8.0...v2.9.0

v2.8.0: OneLogin's SAML Java Toolkit v2.8.0

  • Updated xmlsec to 2.2.3 which fixes CVE-2021-40690
  • #359 Allow to control NameIDPolicy.AllowCreate attribute on AuthnRequest
  • #​356 Validate assertion version as well in SAML response validation
  • #​351 Support more complex response statuses in LogoutResponse generation
  • #​350 Improve authentication and logout request input params API
  • #​321 Allow for extension classes to post-process generated XML
  • #​340 Trim values obtained with getTextContent() on any XML node
  • #​327 Ensure local resolution of schemas (and DTDs)
  • #​315 Properly escape text to produce valid XML

v2.7.0: OneLogin's SAML Java Toolkit v2.7.0

  • Support sending extra GET parameters on login and logout
  • #​331 Made the SamlResponse returned attribute map preserve attribute order
  • #​333 Fix extraction of the response issuer
  • #​320 Add Auth.getLastMessageIssueInstant and Auth.getLastRequestIssueInstant
  • #​341 Made LogoutRequest and LogoutResponse more extensible
  • #​318 Made SamlResponse more extensible
  • #​308 Made constants real constants
  • #300 Support for SingleLogoutService ResponseLocation in IdPMetadataParser
  • #​295 Support Alg Deprecated rejection
  • #296 Improve SettingsBuilder build method in order to fix an issue at injectIntoSettings method
  • #​290 Support for unwrapping key via an HSM when decrypting the SAML assertion
  • #​293 Support digest algorithm at settings
  • #​337 Remove useless XMLEntityException declaration in logout throws clause
  • #​339 Remove the useless Exception throws declaration in LogoutRequest.isValid
  • Improved documentation
  • Update dependencies due to security warnings.
  • Migrate from Travis to Github Actions

v2.6.0: OneLogin's SAML Java Toolkit v2.6.0

  • Check that the certificate of the XML matches the value registered (cert/fingerprint) before validating signature to be able to identify such an issue.
  • 218 Exposing statuscode and substatuscode through toolkit.
  • 233 When checking IdP Settings, verify with multiple possible IdP certs.
  • 240 Support KeyStore file for SP. Also 243
  • 244 Add StatusCode support for logout response
  • 232 Make Fingerprint check case insensitive
  • Allow duplicated names in AttributeStatement by configuration.
  • 253 Expose validation exception in Saml classes
  • Support NameID Encryption with MultiCert
  • 276 Fix signature validation issue when using fingerprint and sha256 alg
  • 272 Fix format time issues
  • 284 fix nameidNameQualifier typo on logout example
  • 283 Expose a constructor for SamlResponse class which doesn't require HttpRequest
  • 250 Add a stay parameter to Auth processSlo
  • Make ProtocolBinding in the AuthnRequest configurable
  • Metadata constructor now will not set a validUntilTime/cacheDuration if a null parameter is added; if no param is provided, it will take constant values.
  • Update dependencies
  • Update the .java-version file to 1.8

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label May 17, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/com.onelogin-java-saml-2.x branch from 309e8c5 to 57c46c8 Compare June 21, 2023 22:00
@mend-for-github-com mend-for-github-com bot changed the title Update dependency com.onelogin:java-saml to v2.8.0 Update dependency com.onelogin:java-saml to v2.9.0 Jun 21, 2023