OneLogin's SAML PHP Toolkit v2.20.0

• #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
• #585 Declare conditional return types
• Make Saml2\Auth can accept a param $spValidationOnly
• #577 Allow empty NameID value when no strict or wantNameId is false
• #570 Support X509 cert comments
• #569 Add parameter to exclude validUntil on SP Metadata XML
• #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
• #487 Enable strict check on in_array method
• Fix typos on readme.
• #480 Fix typo on SPNameQualifier mismatch error message
• Add $spValidationOnly param to Auth
• Update xmlseclibs (3.1.2 without AES-GCM and OAEP support)
• Add warning about Open Redirect and Reply attacks
• Add warning about the use of IdpMetadataParser class. If Metadata URLs
  are provided by 3rd parties, the URL inputs MUST be validated to avoid issues like SSRF
• Update dependencies
• Fix test payloads
• Remove references to OneLogin.