diff --git a/docs/simplesamlphp-reference-sp-hosted.txt b/docs/simplesamlphp-reference-sp-hosted.txt index f6c0a913e8aeb0fbf42a87a10160ecef441cf58d..fd47918d0cfe04fe2d06acb1176ea47f1957461a 100644 --- a/docs/simplesamlphp-reference-sp-hosted.txt +++ b/docs/simplesamlphp-reference-sp-hosted.txt @@ -28,6 +28,18 @@ Common options : Note that this only changes the values in the generated metadata and in the messages sent to others. You must also configure your webserver to deliver this URL to the correct PHP page. +`attributes` +: List of attributes this SP requests from the IdP. + This list will be added to the generated metadata. + +: The attributes will be added without a `NameFormat` by default. + Use the `attributes.NameFormat` option to specify the `NameFormat` for the attributes. + +: *Note*: This list will only be added to the metadata if the `name`-option is also specified. + +`attributes.NameFormat` +: The `NameFormat` for the requested attributes. + `authproc` : Used to manipulate attributes, and limit access for each SP. See the [authentication processing filter manual](http://rnd.feide.no/content/authentication-processing-filters-simplesamlphp). @@ -47,6 +59,8 @@ Common options 'no' => 'En tjeneste', ), +: *Note*: For this to be added to the metadata, you must also specify the `attributes` and `name` options. + `host` : The hostname for this SP. One SP can also have the `host`-option set to `__DEFAULT__`, and that SP will be used when no other entries in the metadata matches. 
@@ -92,23 +106,14 @@ Common options 'no' => 'En tjeneste', ), +: *Note*: You must also specify at least one attribute in the `attributes` option for this element to be added to the metadata. + `NameIDFormat` : Override the default NameIDFormat in the generated metadata and in the authentication request. : The default value for SAML 2.0 is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`, while the default for Shibboleth 1.3 is `urn:mace:shibboleth:1.0:nameIdentifier`. If you set the value to `NULL`, the `samlp:NameIDPolicy` element is removed from the authentication request. -`url` -: A URL to your service provider. Will be added as a OrganizationURL-element in the metadata. - -: This option can be translated into multiple languages by specifying the value as an array of language-code to language-specific URL: - - 'url' => array( - 'en' => 'http://sp.example.net/en/info.html', - 'no' => 'http://sp.example.net/no/info.html', - ), - - SAML 2.0 options ---------------- diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php index f2d29914f25c4c5923b0bf82acab67dff98afebc..08034ec3807a9c74684bd64533dd3a5402c1aff2 100644 --- a/www/saml2/sp/metadata.php +++ b/www/saml2/sp/metadata.php @@ -51,6 +51,12 @@ try { } + if (array_key_exists('attributes', $spmeta)) { + $metaArray['attributes'] = $spmeta['attributes']; + } + if (array_key_exists('attributes.NameFormat', $spmeta)) { + $metaArray['attributes.NameFormat'] = $spmeta['attributes.NameFormat']; + } if (array_key_exists('name', $spmeta)) { $metaArray['name'] = $spmeta['name']; } diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php index 111e95062673353b963c07557bbe1e00c273e734..bc86f954098ececa2214246d903fcd17b60c751c 100644 --- a/www/shib13/sp/metadata.php +++ b/www/shib13/sp/metadata.php 
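Review bot: The two added branches in www/saml2/sp/metadata.php copy `$spmeta['attributes']` and `$spmeta['attributes.NameFormat']` into `$metaArray` after only an `array_key_exists` check, so a scalar, a nested array or a non-string NameFormat from the hosted-SP configuration is passed on unchanged to whatever builds the published metadata. That list is what the SP asks the IdP to release, so it is worth failing early on a malformed value, for example `if (!is_array($spmeta['attributes'])) { throw new Exception('attributes must be an array of attribute names'); }`, with a matching `is_string` check for `attributes.NameFormat`. The identical hunk in www/shib13/sp/metadata.php has the same gap. The enclosing `try` block starts and ends outside the hunk, so how such an exception would be reported is not visible here.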
@@ -55,6 +55,12 @@ try {
 $metaArray['OrganizationURL'] = $spmeta['OrganizationURL'];
 }
+ if (array_key_exists('attributes', $spmeta)) {
+ $metaArray['attributes'] = $spmeta['attributes'];
+ }
+ if (array_key_exists('attributes.NameFormat', $spmeta)) {
+ $metaArray['attributes.NameFormat'] = $spmeta['attributes.NameFormat'];
+ }
 if (array_key_exists('name', $spmeta)) {
 $metaArray['name'] = $spmeta['name'];
 }
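Review bot: The added branches carry no comment explaining that the copied keys depend on each other, although the documentation changed in this commit says the attribute list is only written to the metadata when `name` is also set. The code here copies `attributes`, `attributes.NameFormat` and `name` independently, so that rule is presumably enforced by the metadata builder, which is not part of this diff. A short comment above the first new `if` would help the next reader, for example `// Requested attributes are only emitted in the metadata when 'name' is also set.` The same comment fits the matching hunk in www/saml2/sp/metadata.php. The surrounding `try` block begins and ends outside the hunk.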