Adding SPNameQualifier again since some implementations need it.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@287 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/XML/SAML20/AuthnResponse.php

@@ -492,6 +492,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		 */
 		$base64 = isset($spmd['base64attributes']) ? $spmd['base64attributes'] : false;
 		$nameidformat = isset($spmd['NameIDFormat']) ? $spmd['NameIDFormat'] : 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+		$spnamequalifier = isset($spmd['SPNameQualifier']) ? $spmd['SPNameQualifier'] : $spmd['entityid'];
 		
 		$encodedattributes = '';
 		foreach ($attributes AS $name => $values) {
@@ -510,9 +511,9 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 		 */
 		$nameid = null;
 		if ($nameidformat == self::EMAIL) {
-			$nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0]);
+			$nameid = $this->generateNameID($nameidformat, $attributes[$spmd['simplesaml.nameidattribute']][0], $spnamequalifier);
 		} else {
-			$nameid = $this->generateNameID($nameidformat, self::generateID());
+			$nameid = $this->generateNameID($nameidformat, self::generateID(), $spnamequalifier);
 		}
 		
 		/**
@@ -562,13 +563,20 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 
 
 	private function generateNameID($type = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 
-			$value = 'anonymous') {
-			
+			$value = 'anonymous', $spnamequalifier = null) {
+		
+		$spnamequalifiertext = '';
+		if (!empty($spnamequalifier)) {
+			$spnamequalifiertext = ' SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '"';
+		}
+		
 		if ($type == self::EMAIL) {
-			return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">' . htmlspecialchars($value) . '</saml:NameID>';
+			return '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"' . 
+				$spnamequalifiertext . '>' . htmlspecialchars($value) . '</saml:NameID>';
 
 		} else {
-			return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">' . htmlspecialchars($value). '</saml:NameID>';
+			return '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"' . 
+				$spnamequalifiertext. '>' . htmlspecialchars($value). '</saml:NameID>';
 		}
 		
 	}

lib/SimpleSAML/XML/SAML20/LogoutRequest.php

@@ -121,6 +121,12 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
 		$issuermd 	= $this->metadata->getMetaData($issuer, $issuerset);
 		$receivermd = $this->metadata->getMetaData($receiver, $receiverset);
 		
+		if ($mode == 'IdP') {
+			$spnamequalifier = isset($receivermd['SPNameQualifier']) ? $receivermd['SPNameQualifier'] : $receivermd['entityid'];
+		} else {
+			$spnamequalifier = isset($issuermd['SPNameQualifier']) ? $issuermd['SPNameQualifier'] : $issuermd['entityid'];
+		}
+		
 		$id = self::generateID();
 		$issueInstant = self::generateIssueInstant();
 
@@ -133,7 +139,7 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
     Destination="' . htmlspecialchars($destination) . '"
     IssueInstant="' . $issueInstant . '">
     <saml:Issuer >' . htmlspecialchars($issuer) . '</saml:Issuer>
-    <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
+    <saml:NameID Format="' . htmlspecialchars($nameid['Format']) . '" SPNameQualifier="' . htmlspecialchars($spnamequalifier) . '">' . htmlspecialchars($nameid['value']) . '</saml:NameID>
     <samlp:SessionIndex>' . htmlspecialchars($sessionindex) . '</samlp:SessionIndex>
 </samlp:LogoutRequest>
 ';