Produits Entr'ouvert » Authentic 2

We should try to retrieve the SP metadatas through HTTP on the fly when an AuthnRequest
comes from an unknown SP and the SP id is an http/https URL.

We should cache the retrieved metadatas as permitted by the hosting server for
the metadatas. Even if caching is forbidden we should put a minimum cachetime
to disable possibilities of a DDOS attack.

This functionality must be controlled by a checkbox in the configuration panel.

For request coming from non-admin registered service providers, user consent should never be assumed.