From 82e58db7db36e4938d68b51d28325c25123eebb4 Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen <pieter.vanderMeulen@surfnet.nl>
Date: Tue, 31 May 2016 22:46:21 +0200
Subject: [PATCH] Allow the optional Subject NameID to be set in a SAML
 AuthnRequest through "saml:NameID"

---
 modules/saml/docs/sp.md             | 7 +++++++
 modules/saml/lib/Auth/Source/SP.php | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 6d4046425..d1a317838 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -52,6 +52,13 @@ All these parameters override the equivalent option from the configuration.
 
 :   *Note*: SAML 2 specific.
 
+`saml:NameID`
+:   Add a Subject element with a NameID to the SAML AuthnRequest for the IdP.
+    This is an associative array with the fields for the NameID.
+    Example: `array('Value' => 'user@example.org', 'Format' => SAML2_Const::NAMEID_UNSPECIFIED)`
+
+:   *Note*: SAML 2 specific.
+
 
 Authentication data
 -------------------
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 1460940d0..0d6b50978 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -205,6 +205,13 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 			$ar->setIsPassive((bool)$state['isPassive']);
 		}
 
+		if (isset($state['saml:NameID'])) {
+			if (!is_array($state['saml:NameID'])) {
+				throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
+			}
+			$ar->setNameId($state['saml:NameID']);
+		}
+
 		if (isset($state['saml:NameIDPolicy'])) {
 			if (is_string($state['saml:NameIDPolicy'])) {
 				$policy = array(
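Review bot: The new `saml:NameID` branch checks only `is_array()` before calling `$ar->setNameId()`, so an array with no `Value` key or a non-string `Value` is accepted here and presumably fails only later, during serialisation, away from the cause. I would tighten the guard to `if (!is_array($state['saml:NameID']) || !isset($state['saml:NameID']['Value']) || !is_string($state['saml:NameID']['Value'])) {` so the existing exception is raised at this point. The Subject in an AuthnRequest is only a request to the IdP, and nothing in this hunk shows the NameID of the returned assertion being compared with it. A comment such as `// Requested subject only; the asserted NameID must still be checked against it by the caller.` would help callers who fill this state key from user input. The enclosing method starts and ends outside the hunk.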
-- 
GitLab