From b97d401d48d65480f42cb627c0b6c932839cd2b3 Mon Sep 17 00:00:00 2001
From: Chris Andrews
Date: Mar 01 2011 11:24:33 +0000
Subject: Add selectable NameIDFormat to LogoutRequest
---
diff --git a/lib/Net/SAML2/Protocol/LogoutRequest.pm b/lib/Net/SAML2/Protocol/LogoutRequest.pm
index 7899528..cd40580 100644
--- a/lib/Net/SAML2/Protocol/LogoutRequest.pm
+++ b/lib/Net/SAML2/Protocol/LogoutRequest.pm
@@ -28,15 +28,17 @@ Arguments:
 * session - the session to log out
 * nameid - the NameID of the user to log out
+ * nameid_format - the NameIDFormat to specify
 * issuer - the SP's identity URI
 * destination - the IdP's identity URI
 =cut
-has 'session' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
-has 'nameid' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
-has 'issuer' => (isa => Uri, is => 'ro', required => 1, coerce => 1);
-has 'destination' => (isa => Uri, is => 'ro', required => 1, coerce => 1);
+has 'session' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
+has 'nameid' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
+has 'nameid_format' => (isa => NonEmptySimpleStr, is => 'ro', required => 1);
+has 'issuer' => (isa => Uri, is => 'ro', required => 1, coerce => 1);
+has 'destination' => (isa => Uri, is => 'ro', required => 1, coerce => 1);
 =head2 new_from_xml
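Review bot: `nameid_format` is declared `required => 1` with `NonEmptySimpleStr`, but the `Format` attribute on `saml:NameID` is optional in SAML 2.0, so the `new_from_xml` hunk that follows can hand the constructor an empty value when a peer omits it. If `findvalue(...)->value` yields an empty string for a missing attribute (likely, but not visible here), parsing an otherwise valid LogoutRequest would throw from `new`. Consider dropping the requirement, e.g. `has 'nameid_format' => (isa => NonEmptySimpleStr, is => 'ro', default => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');`, and in `new_from_xml` passing `nameid_format` only when the XPath result is non-empty. Whether callers of `new_from_xml` trap that exception is outside this diff.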
@@ -52,11 +54,12 @@ sub new_from_xml {
 $xpath->set_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
 my $self = $class->new(
- id => $xpath->findvalue('/samlp:LogoutRequest/@ID')->value,
- session => $xpath->findvalue('/samlp:LogoutRequest/samlp:SessionIndex')->value,
- issuer => $xpath->findvalue('/samlp:LogoutRequest/saml:Issuer')->value,
- nameid => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID')->value,
- destination => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@NameQualifier')->value,
+ id => $xpath->findvalue('/samlp:LogoutRequest/@ID')->value,
+ session => $xpath->findvalue('/samlp:LogoutRequest/samlp:SessionIndex')->value,
+ issuer => $xpath->findvalue('/samlp:LogoutRequest/saml:Issuer')->value,
+ nameid => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID')->value,
+ nameid_format => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@Format')->value,
+ destination => $xpath->findvalue('/samlp:LogoutRequest/saml:NameID/@NameQualifier')->value,
 );
 return $self;
@@ -87,7 +90,7 @@ sub as_xml {
 ),
 $x->NameID(
 $saml,
- { Format => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+ { Format => $self->nameid_format,
 NameQualifier => $self->destination,
 SPNameQualifier => $self->issuer },
 $self->nameid,
diff --git a/lib/Net/SAML2/SP.pm b/lib/Net/SAML2/SP.pm
index 0da428b..93d6a4a 100644
--- a/lib/Net/SAML2/SP.pm
+++ b/lib/Net/SAML2/SP.pm
@@ -81,23 +81,24 @@ sub authn_request {
 return $authnreq;
 }
-=head2 logout_request($destination, $nameid, $session)
+=head2 logout_request($destination, $nameid, $nameid_format, $session)
 Returns a LogoutRequest object created by this SP, intended for the given destination, which should be the identity URI of the IdP.
-Also requires the nameid and session to be logged out.
+Also requires the nameid (+format) and session to be logged out.
 =cut
 sub logout_request {
- my ($self, $destination, $nameid, $session) = @_;
+ my ($self, $destination, $nameid, $nameid_format, $session) = @_;
 my $logout_req = Net::SAML2::Protocol::LogoutRequest->new(
- issuer => $self->id,
- destination => $destination,
- nameid => $nameid,
- session => $session,
+ issuer => $self->id,
+ destination => $destination,
+ nameid => $nameid,
+ nameid_format => $nameid_format,
+ session => $session,
 );
 return $logout_req;
diff --git a/t/05-soap-binding.t b/t/05-soap-binding.t
index 2b0c42c..f854250 100644
--- a/t/05-soap-binding.t
+++ b/t/05-soap-binding.t
@@ -30,7 +30,7 @@ my $nameid = 'user-to-log-out';
 my $session = 'session-to-log-out';
 my $request = $sp->logout_request(
- $idp->entityid, $nameid, $session,
+ $idp->entityid, $nameid, $idp->format('persistent'), $session,
 );
 ok($request);
 my $request_xml = $request->as_xml;
diff --git a/t/07-logout-request.t b/t/07-logout-request.t
index bc93701..ea4ad91 100644
--- a/t/07-logout-request.t
+++ b/t/07-logout-request.t
@@ -8,6 +8,7 @@ my $lor = Net::SAML2::Protocol::LogoutRequest->new(
 destination => 'http://some/idp',
 nameid => 'name-to-log-out',
 session => 'session-to-log-out',
+ nameid_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
 );
 ok($lor);
 my $xml = $lor->as_xml;
@@ -16,5 +17,6 @@ ok($xml);
 ok(qr/ID=".+"/, $xml);
 ok(qr/IssueInstant=".+"/, $xml);
+ok(qr/persistent/, $xml);
 done_testing;
diff --git a/testapp/lib/Saml2Test.pm b/testapp/lib/Saml2Test.pm
index 02a8022..833a460 100644
--- a/testapp/lib/Saml2Test.pm
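Review bot: In `logout_request` (lib/Net/SAML2/SP.pm) the new `$nameid_format` parameter is inserted in the middle of a positional list, so a caller still using the three-argument form binds its session value to `$nameid_format` and leaves `$session` undefined. The `required` `NonEmptySimpleStr` constraint on `session` in LogoutRequest.pm should make that fail rather than emit a wrong request, but the error would name `session`, not the missing format. An explicit arity check at the top of the sub, such as `die 'usage: logout_request($destination, $nameid, $nameid_format, $session)' unless @_ == 5;`, would make the break obvious. The sub's closing brace is outside the hunk.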
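Review bot: The added assertion `ok(qr/persistent/, $xml);` in t/07-logout-request.t cannot fail, because `ok` tests the truth of its first argument, which here is a compiled regex object, and treats `$xml` as the test name. The two context lines above it have the same shape, so none of the three checks the generated XML. To verify the emitted attribute use `like($xml, qr/Format="urn:oasis:names:tc:SAML:2\.0:nameid-format:persistent"/, 'NameID Format emitted');`, assuming the file loads Test::More (its `use` lines are outside the hunk).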
+++ b/testapp/lib/Saml2Test.pm
@@ -47,7 +47,7 @@ get '/logout-redirect' => sub {
 my $sp = _sp();
 my $logoutreq = $sp->logout_request(
- $idp->entityid, params->{nameid}, params->{session}
+ $idp->entityid, params->{nameid}, $idp->format, params->{session}
 )->as_xml;
 my $redirect = $sp->slo_redirect_binding($idp, 'SAMLRequest');
@@ -64,7 +64,7 @@ get '/logout-soap' => sub {
 my $sp = _sp();
 my $logoutreq = $sp->logout_request(
- $idp->entityid, params->{nameid}, params->{session}
+ $idp->entityid, params->{nameid}, $idp->format, params->{session}
 )->as_xml;
 my $soap = Net::SAML2::Binding::SOAP->new(
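Review bot: Both testapp handlers (`/logout-redirect` and `/logout-soap`) call `$idp->format` with no argument, while t/05-soap-binding.t in this same commit calls `$idp->format('persistent')`. What `format` returns without an argument is not visible in this diff; if it can be undefined, the now-required `nameid_format` would make `logout_request` die on these routes. Either name the format explicitly, e.g. `$idp->format('persistent')`, or guard with `my $format = $idp->format or die 'IdP metadata declares no NameIDFormat';` before building the request. Both route bodies continue outside their hunks.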