core_Auth_Process_TargetedID: Add support for generating SAML 2 NameID elements.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1683 44740490-163a-0410-bde0-09ae8108e29a

modules/core/lib/Auth/Process/TargetedID.php

@@ -39,6 +39,14 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 	private $attribute = NULL;
 
 
+	/**
+	 * Whether the attribute should be generated as a NameID value, or as a simple string.
+	 *
+	 * @var boolean
+	 */
+	private $generateNameId = FALSE;
+
+
 	/**
 	 * Initialize this filter.
 	 *
@@ -56,6 +64,13 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 				throw new Exception('Invalid attribute name given to core:TargetedID filter.');
 			}
 		}
+
+		if (array_key_exists('nameId', $config)) {
+			$this->generateNameId = $config['nameId'];
+			if (!is_bool($this->generateNameId)) {
+				throw new Exception('Invalid value of \'nameId\'-option to core:TargetedID filter.');
+			}
+		}
 	}
 
 
@@ -106,7 +121,31 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 		$uidData .= strlen($userID) . ':' . $userID;
 		$uidData .= $secretSalt;
 
-		$state['Attributes']['eduPersonTargetedID'] = array(hash('sha1', $uidData));
+		$uid = hash('sha1', $uidData);
+
+		if ($this->generateNameId) {
+			/* Convert the targeted ID to a SAML 2.0 name identifier element. */
+			$nameId = array(
+				'Format' => SAML2_Const::NAMEID_PERSISTENT,
+				'Value' => $uid,
+			);
+
+			if (isset($state['Source']['entityid'])) {
+				$nameId['NameQualifier'] = $state['Source']['entityid'];
+			}
+			if (isset($state['Destination']['entityid'])) {
+				$nameId['SPNameQualifier'] = $state['Source']['entityid'];
+			}
+
+			$doc = new DOMDocument();
+			$root = $doc->createElement('root');
+			$doc->appendChild($root);
+
+			SAML2_Utils::addNameId($root, $nameId);
+			$uid = $root->childNodes;
+		}
+
+		$state['Attributes']['eduPersonTargetedID'] = array($uid);
 	}