Properly document the use of NameIDFormat configuration option.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3313 44740490-163a-0410-bde0-09ae8108e29a

docs/simplesamlphp-reference-idp-hosted.txt

@@ -183,6 +183,31 @@ The following SAML 2.0 options are available:
 
 :   Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
 
+`NameIDFormat`
+:   The format of the NameID supported by this IdP. Defaults to the `transient` format if unspecified.
+    This parameter can be configured in multiple places, and the actual value used is fetched from metadata with
+    the following priority:
+
+:   1.  SP Remote Metadata
+
+    2.  IdP Hosted Metadata
+
+:   The three most commonly used values are:
+
+:   1.  `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
+    2.  `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
+    3.  `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
+
+:   The `transient` format will generate a new unique ID every time
+    the user logs in.
+
+:   To properly support the `persistent` and `emailAddress` formats,
+    you should configure [NameID generation filters](./saml:nameid)
+    on your IdP.
+
+:   Note that the value set here will be added to the metadata generated for this IdP,
+    in the `NameIDFormat` element.
+
 `saml20.sendartifact`
 :   Set to `TRUE` to enable the IdP to send responses with the HTTP-Artifact binding.
     Defaults to `FALSE`.

modules/saml/docs/sp.txt

@@ -297,7 +297,9 @@ Options
 
 `NameIDPolicy`
 :   The format of the NameID we request from the IdP.
-    Defaults to the transient format if unspecified.
+    Defaults to the `transient` format if unspecified.
+
+:   If this option is set, its value will be added to the metadata generated for this SP, in the NameIDFormat element.
 
 :   *Note 1*: This option replaces the `NameIDFormat` option found in `saml20-sp-hosted`.