Integration test fix #1967

Merged
merged 1 commit into from
Dec 10, 2023

jackHay22

As far as I can tell, SimpleSAMLphp requires that a SAML signing certificate for a given SP must be configured rather than provided in the metadata that the SP publishes. It doesn't seem like something that is part of the SAML standard. Therefore, testing SAML request signing with the SimpleSAMLphp server would require hard-coding a private key in the integration test and an X509 certificate in the SimpleSAMLphp server configuration.

Changes

  • Autogenerate a cert/private key if omitted in configuration.
  • Change signing flag to depend on the presence of cert/private key.

@kdumontnu

How does this affect the process of a user configuring a service provider (and the docs)? Are you saying that the key pair must be provided to the user so that they can upload it to the identity provider?

If I understand correctly, we're now autogenerating a key pair if it's not in the form. If that's the case, those fields should be optional, and we need to tell the user that's the case, something like "If empty, the key will be generated automatically".

@jackHay22
Author

> How does this affect the process of a user configuring a service provider (and the docs)? Are you saying that the key pair must be provided to the user so that they can upload it to the identity provider?

In the case of SimpleSAMLphp, the administrator would need to manually add the signing certificate to the configuration.

> If I understand correctly, we're now autogenerating a key pair if it's not in the form. If that's the case, those fields should be optional, and we need to tell the user that's the case, something like "If empty, the key will be generated automatically".

I updated the description in the documentation to reflect this. Additionally, once the form is submitted those fields will then be populated with the generated certificate and private key so that the admin could then use the certificate elsewhere.
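
One way to implement the generate-if-omitted behaviour discussed in this thread, as an added Go example that is not code from this pull request or the project. The helper name `EnsureKeyPair`, the RSA-2048 key, the one-year lifetime and the sample common name are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// EnsureKeyPair (hypothetical helper) returns the PEM pair to store in the
// form and whether it was generated here. Empty fields trigger generation.
func EnsureKeyPair(certPEM, keyPEM, cn string) (string, string, bool, error) {
	if (certPEM == "") != (keyPEM == "") {
		return "", "", false, fmt.Errorf("certificate and private key must be set together")
	}
	if certPEM != "" { // configured pair: keep it, but reject a cert that does not match the key
		_, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
		return certPEM, keyPEM, false, err
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", false, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return "", "", false, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Minute), NotAfter: now.AddDate(1, 0, 0), // lifetime is an assumption
		KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return "", "", false, err
	}
	certOut := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyOut := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	return string(certOut), string(keyOut), true, nil
}

func main() {
	cert, _, generated, err := EnsureKeyPair("", "", "sp.example.test") // constructed name
	fmt.Println(generated, len(cert) > 0, err)
}
```

The returned certificate PEM is what an administrator would copy into the identity provider's configuration; the private key stays with the service provider.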

@techknowlogick techknowlogick merged commit f374036 into techknowlogick:saml Dec 10, 2023
24 checks passed