From e6598feae38c6aefb9c72d5d1e4c885cd1a788d3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 17 Aug 2009 11:26:56 +0000
Subject: [PATCH] core_Auth_Process_TargetedID: Add support for generating SAML
 2 NameID elements.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1683 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/core/lib/Auth/Process/TargetedID.php | 41 +++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index 3852d63dd..af1f99a57 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -39,6 +39,14 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 	private $attribute = NULL;
 
 
+	/**
+	 * Whether the attribute should be generated as a NameID value, or as a simple string.
+	 *
+	 * @var boolean
+	 */
+	private $generateNameId = FALSE;
+
+
 	/**
 	 * Initialize this filter.
 	 *
@@ -56,6 +64,13 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 				throw new Exception('Invalid attribute name given to core:TargetedID filter.');
 			}
 		}
+
+		if (array_key_exists('nameId', $config)) {
+			$this->generateNameId = $config['nameId'];
+			if (!is_bool($this->generateNameId)) {
+				throw new Exception('Invalid value of \'nameId\'-option to core:TargetedID filter.');
+			}
+		}
 	}
 
 
@@ -106,7 +121,31 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 		$uidData .= strlen($userID) . ':' . $userID;
 		$uidData .= $secretSalt;
 
-		$state['Attributes']['eduPersonTargetedID'] = array(hash('sha1', $uidData));
+		$uid = hash('sha1', $uidData);
+
+		if ($this->generateNameId) {
+			/* Convert the targeted ID to a SAML 2.0 name identifier element. */
+			$nameId = array(
+				'Format' => SAML2_Const::NAMEID_PERSISTENT,
+				'Value' => $uid,
+			);
+
+			if (isset($state['Source']['entityid'])) {
+				$nameId['NameQualifier'] = $state['Source']['entityid'];
+			}
+			if (isset($state['Destination']['entityid'])) {
+				$nameId['SPNameQualifier'] = $state['Source']['entityid'];
+			}
+
+			$doc = new DOMDocument();
+			$root = $doc->createElement('root');
+			$doc->appendChild($root);
+
+			SAML2_Utils::addNameId($root, $nameId);
+			$uid = $root->childNodes;
+		}
+
+		$state['Attributes']['eduPersonTargetedID'] = array($uid);
 	}
 
 
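Review bot: In the `generateNameId` branch, `SPNameQualifier` is filled from `$state['Source']['entityid']` even though the guard just above it tests `$state['Destination']['entityid']`. The persistent NameID therefore carries the same entity ID in both qualifiers instead of (presumably) the service provider's in `SPNameQualifier`, and the line reads an unset index whenever only the destination entity ID is present. The assignment should read `$nameId['SPNameQualifier'] = $state['Destination']['entityid'];`. A relying party that checks `SPNameQualifier` against its own entity ID would otherwise see an identifier scoped to the wrong entity. The enclosing method starts outside the hunk, so how `$state` is populated cannot be confirmed from here.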
-- 
GitLab