Rename SAML 2.0 IdP option AttributeNameFormat to attributes.NameFormat.

Add 'attributes.NameFormat' as the preferred name for this option, so
that it matches what the metadata parser extracts. Backwards
compatibility with 'AttributeNameFormat' is also provided.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3049 44740490-163a-0410-bde0-09ae8108e29a

docs/simplesamlphp-idp.txt

@@ -154,7 +154,7 @@ The [interoperable SAML 2 profile](http://saml2int.org/profile/current) specifie
 We therefore recommended enabling this in new installations.
 This can be done by adding the following to the saml20-idp-hosted configuration:
 
-    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
     'authproc' => array(
         // Convert LDAP names to oids.
         100 => array('class' => 'core:AttributeMap', 'name2oid'),

docs/simplesamlphp-reference-idp-hosted.txt

@@ -133,7 +133,7 @@ The following SAML 2.0 options are available:
 
 :   Note that this option can be set for each SP in the SP-remote metadata.
 
-`AttributeNameFormat`
+`attributes.NameFormat`
 :   What value will be set in the Format field of attribute
     statements. This parameter can be configured multiple places, and
     the actual value used is fetched from metadata by the following
@@ -163,6 +163,8 @@ The following SAML 2.0 options are available:
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+:   (This option was previously named `AttributeNameFormat`.)
+
 `https.certificate`
 :   The certificate used by the webserver when handling connections.
     This certificate will be added to the generated metadata of the IdP,

docs/simplesamlphp-reference-sp-remote.txt

@@ -123,7 +123,7 @@ The following SAML 2.0 options are available:
 
 :   The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
 
-`AttributeNameFormat`
+`attributes.NameFormat`
 :   What value will be set in the Format field of attribute
     statements. This parameter can be configured multiple places, and
     the actual value used is fetched from metadata by the following
@@ -153,6 +153,8 @@ The following SAML 2.0 options are available:
     entry in the SP-remote metadata overrides the option in the
     IdP-hosted metadata.
 
+:   (This option was previously named `AttributeNameFormat`.)
+
 `ForceAuthn`
 :   Set this `TRUE` to force the user to reauthenticate when the IdP
     receives authentication requests from this SP. The default is

metadata-templates/saml20-idp-hosted.php

@@ -25,7 +25,7 @@ $metadata['__DYNAMIC:1__'] = array(
 
 	/* Uncomment the following to use the uri NameFormat on attributes. */
 	/*
-	'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+	'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
 	'authproc' => array(
 		// Convert LDAP names to oids.
 		100 => array('class' => 'core:AttributeMap', 'name2oid'),

modules/authX509/docs/authX509.txt

@@ -100,7 +100,7 @@ can hack your metadata/saml20-idp-hosted.php file that way:
             'authority'     =>      'login',
             'userid.attribute' =>   'uid',
             'logouttype'    =>      'iframe',
-            'AttributeNameFormat' =>
+            'attributes.NameFormat' =>
                             'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
     )
 

modules/core/docs/authproc_targetedid.txt

@@ -56,7 +56,7 @@ Internet2 compatible `eduPersontargetedID`:
                 'name2oid',
             ),
         ),
-        'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
         'attributeencodings' => array(
             'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw', /* eduPersonTargetedID with oid NameFormat. */
         ),

modules/saml/lib/IdP/SAML2.php

@@ -621,6 +621,40 @@ class sspmod_saml_IdP_SAML2 {
 	}
 
 
+	/**
+	 * Determine which NameFormat we should use for attributes.
+	 *
+	 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
+	 * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
+	 * @return string  The NameFormat.
+	 */
+	private static function getAttributeNameFormat(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata) {
+
+		/* Try SP metadata first. */
+		$attributeNameFormat = $spMetadata->getString('attributes.NameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+		$attributeNameFormat = $spMetadata->getString('AttributeNameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+
+		/* Look in IdP metadata. */
+		$attributeNameFormat = $idpMetadata->getString('attributes.NameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+		$attributeNameFormat = $idpMetadata->getString('AttributeNameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+
+		/* Default. */
+		return 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
+	}
+
+
 	/**
 	 * Build an assertion based on information in the metadata.
 	 *
@@ -687,11 +721,7 @@ class sspmod_saml_IdP_SAML2 {
 		/* Add attributes. */
 
 		if ($spMetadata->getBoolean('simplesaml.attributes', TRUE)) {
-			$attributeNameFormat = $spMetadata->getString('AttributeNameFormat', NULL);
-			if ($attributeNameFormat === NULL) {
-				$attributeNameFormat = $idpMetadata->getString('AttributeNameFormat',
-					'urn:oasis:names:tc:SAML:2.0:attrname-format:basic');
-			}
+			$attributeNameFormat = self::getAttributeNameFormat($idpMetadata, $spMetadata);
 			$a->setAttributeNameFormat($attributeNameFormat);
 			$attributes = self::encodeAttributes($idpMetadata, $spMetadata, $state['Attributes']);
 			$a->setAttributes($attributes);