From b4deda71ae43c62b6c6d6a77715f48a09255c029 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 16 Mar 2012 14:59:26 +0000
Subject: [PATCH] Rename SAML 2.0 IdP option AttributeNameFormat to
 attributes.NameFormat.

Add 'attributes.NameFormat' as the preferred name for this option, so
that it matches what the metadata parser extracts. Backwards
compatibility with 'AttributeNameFormat' is also provided.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3049 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-idp.txt                  |  2 +-
 docs/simplesamlphp-reference-idp-hosted.txt |  4 ++-
 docs/simplesamlphp-reference-sp-remote.txt  |  4 ++-
 metadata-templates/saml20-idp-hosted.php    |  2 +-
 modules/authX509/docs/authX509.txt          |  2 +-
 modules/core/docs/authproc_targetedid.txt   |  2 +-
 modules/saml/lib/IdP/SAML2.php              | 40 ++++++++++++++++++---
 7 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index 4be6f07fa..b246dec66 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -154,7 +154,7 @@ The [interoperable SAML 2 profile](http://saml2int.org/profile/current) specifie
 We therefore recommended enabling this in new installations.
 This can be done by adding the following to the saml20-idp-hosted configuration:
 
-    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
     'authproc' => array(
         // Convert LDAP names to oids.
         100 => array('class' => 'core:AttributeMap', 'name2oid'),
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index 08fa994aa..c4490b1a7 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -133,7 +133,7 @@ The following SAML 2.0 options are available:
 
 :   Note that this option can be set for each SP in the SP-remote metadata.
 
-`AttributeNameFormat`
+`attributes.NameFormat`
 :   What value will be set in the Format field of attribute
     statements. This parameter can be configured multiple places, and
     the actual value used is fetched from metadata by the following
@@ -163,6 +163,8 @@ The following SAML 2.0 options are available:
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+:   (This option was previously named `AttributeNameFormat`.)
+
 `https.certificate`
 :   The certificate used by the webserver when handling connections.
     This certificate will be added to the generated metadata of the IdP,
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index a3d9c68c4..bc1592535 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -123,7 +123,7 @@ The following SAML 2.0 options are available:
 
 :   The value of this option is specified in one of several [endpoint formats](./simplesamlphp-metadata-endpoints).
 
-`AttributeNameFormat`
+`attributes.NameFormat`
 :   What value will be set in the Format field of attribute
     statements. This parameter can be configured multiple places, and
     the actual value used is fetched from metadata by the following
@@ -153,6 +153,8 @@ The following SAML 2.0 options are available:
     entry in the SP-remote metadata overrides the option in the
     IdP-hosted metadata.
 
+:   (This option was previously named `AttributeNameFormat`.)
+
 `ForceAuthn`
 :   Set this `TRUE` to force the user to reauthenticate when the IdP
     receives authentication requests from this SP. The default is
diff --git a/metadata-templates/saml20-idp-hosted.php b/metadata-templates/saml20-idp-hosted.php
index a714a7ec2..d470e9805 100644
--- a/metadata-templates/saml20-idp-hosted.php
+++ b/metadata-templates/saml20-idp-hosted.php
@@ -25,7 +25,7 @@ $metadata['__DYNAMIC:1__'] = array(
 
 	/* Uncomment the following to use the uri NameFormat on attributes. */
 	/*
-	'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+	'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
 	'authproc' => array(
 		// Convert LDAP names to oids.
 		100 => array('class' => 'core:AttributeMap', 'name2oid'),
diff --git a/modules/authX509/docs/authX509.txt b/modules/authX509/docs/authX509.txt
index 91f21e36d..4992e617f 100644
--- a/modules/authX509/docs/authX509.txt
+++ b/modules/authX509/docs/authX509.txt
@@ -100,7 +100,7 @@ can hack your metadata/saml20-idp-hosted.php file that way:
             'authority'     =>      'login',
             'userid.attribute' =>   'uid',
             'logouttype'    =>      'iframe',
-            'AttributeNameFormat' =>
+            'attributes.NameFormat' =>
                             'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
     )
 
diff --git a/modules/core/docs/authproc_targetedid.txt b/modules/core/docs/authproc_targetedid.txt
index 72a482599..f6cea7da7 100644
--- a/modules/core/docs/authproc_targetedid.txt
+++ b/modules/core/docs/authproc_targetedid.txt
@@ -56,7 +56,7 @@ Internet2 compatible `eduPersontargetedID`:
                 'name2oid',
             ),
         ),
-        'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
         'attributeencodings' => array(
             'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw', /* eduPersonTargetedID with oid NameFormat. */
         ),
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 0b64d0c5c..a7d04b384 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -621,6 +621,40 @@ class sspmod_saml_IdP_SAML2 {
 	}
 
 
+	/**
+	 * Determine which NameFormat we should use for attributes.
+	 *
+	 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
+	 * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
+	 * @return string  The NameFormat.
+	 */
+	private static function getAttributeNameFormat(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata) {
+
+		/* Try SP metadata first. */
+		$attributeNameFormat = $spMetadata->getString('attributes.NameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+		$attributeNameFormat = $spMetadata->getString('AttributeNameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+
+		/* Look in IdP metadata. */
+		$attributeNameFormat = $idpMetadata->getString('attributes.NameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+		$attributeNameFormat = $idpMetadata->getString('AttributeNameFormat', NULL);
+		if ($attributeNameFormat !== NULL) {
+			return $attributeNameFormat;
+		}
+
+		/* Default. */
+		return 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
+	}
+
+
 	/**
 	 * Build an assertion based on information in the metadata.
 	 *
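Review bot: The two legacy `AttributeNameFormat` branches in getAttributeNameFormat() return silently, so an operator never learns that a deployment still relies on the old key, and an entry that sets both names has its `AttributeNameFormat` value ignored without notice. Logging in those two branches would make the migration auditable, e.g. `SimpleSAML_Logger::warning('Option AttributeNameFormat is deprecated; use attributes.NameFormat.');` before each legacy `return`. The docblock could also state the lookup order (SP new key, SP old key, IdP new key, IdP old key, then the basic default), because an SP-level legacy value still overrides an IdP-level `attributes.NameFormat`, which may surprise someone who has only updated the IdP-hosted metadata. The class body and the following buildAssertion docblock continue outside the hunk.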
@@ -687,11 +721,7 @@ class sspmod_saml_IdP_SAML2 {
 		/* Add attributes. */
 
 		if ($spMetadata->getBoolean('simplesaml.attributes', TRUE)) {
-			$attributeNameFormat = $spMetadata->getString('AttributeNameFormat', NULL);
-			if ($attributeNameFormat === NULL) {
-				$attributeNameFormat = $idpMetadata->getString('AttributeNameFormat',
-					'urn:oasis:names:tc:SAML:2.0:attrname-format:basic');
-			}
+			$attributeNameFormat = self::getAttributeNameFormat($idpMetadata, $spMetadata);
 			$a->setAttributeNameFormat($attributeNameFormat);
 			$attributes = self::encodeAttributes($idpMetadata, $spMetadata, $state['Attributes']);
 			$a->setAttributes($attributes);
-- 
GitLab