Fix #204. On a LogoutRequest if the NameIdFormat is entity, NameQuali…

…fier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added. Update info related to LogoutRequest on the README

README.md

@@ -801,11 +801,17 @@ target_url = 'https://example.com'
 auth.logout(return_to=target_url)
 ```
 
-Also there are 2 optional parameters that can be set:
+Also there are 4 optional parameters that can be set:
 
 * name_id. That will be used to build the LogoutRequest. If not name_id parameter is set and the auth object processed a
 SAML Response with a NameId, then this NameId will be used.
 * session_index. SessionIndex that identifies the session of the user.
+* nq. IDP Name Qualifier
+* name_id_format. The NameID Format that will be set in the LogoutRequest
+
+If no name_id is provided, the LogoutRequest will contain a NameID with the entity Format.
+If name_id is provided and no name_id_format is provided, the NameIDFormat of the settings will be used.
+If nq is provided, the SPNameQualifier will be also attached to the NameId.
 
 If a match on the LogoutResponse ID and the LogoutRequest ID to be sent is required, that LogoutRequest ID must to be extracted and stored for future validation, we can get that ID by
 

src/onelogin/saml2/logout_request.py

@@ -79,11 +79,16 @@ def __init__(self, settings, request=None, name_id=None, session_index=None, nq=
                 if name_id_format is not None:
                     nameIdFormat = name_id_format
                 else:
-                    nameIdFormat = sp_data['NameIDFormat']
-                spNameQualifier = None
+                    nameIdFormat = sp_data['NameIDFormat']                
             else:
-                name_id = idp_data['entityId']
                 nameIdFormat = OneLogin_Saml2_Constants.NAMEID_ENTITY
+
+            spNameQualifier = None
+            if nameIdFormat == OneLogin_Saml2_Constants.NAMEID_ENTITY:
+                name_id = idp_data['entityId']
+                nq = None
+            elif nq is not None:
+                # We only gonna include SPNameQualifier if NameQualifier is provided
                 spNameQualifier = sp_data['entityId']
 
             name_id_obj = OneLogin_Saml2_Utils.generate_name_id(

tests/src/OneLogin/saml2_tests/auth_test.py

@@ -1047,7 +1047,7 @@ def testGetLastLogoutRequest(self):
         expectedFragment = (
             '        Destination="http://idp.example.com/SingleLogoutService.php">\n'
             '        <saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>\n'
-            '        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" SPNameQualifier="http://stuff.com/endpoints/metadata.php">http://idp.example.com/</saml:NameID>\n'
+            '        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
             '        \n    </samlp:LogoutRequest>'
         )
         self.assertIn(expectedFragment, auth.get_last_request_xml())

tests/src/OneLogin/saml2_tests/logout_request_test.py

@@ -154,9 +154,11 @@ def testGetNameIdData(self):
             OneLogin_Saml2_Logout_Request.get_nameid_data(dom_2.toxml(), key)
 
         idp_data = settings.get_idp_data()
+        sp_data = settings.get_sp_data()
         expected_name_id_data = {
             'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
             'NameQualifier': idp_data['entityId'],
+            'SPNameQualifier': sp_data['entityId'],
             'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69'
         }
 
@@ -169,6 +171,24 @@ def testGetNameIdData(self):
         name_id_data_3 = OneLogin_Saml2_Logout_Request.get_nameid_data(dom)
         self.assertEqual(expected_name_id_data, name_id_data_3)
 
+        expected_name_id_data = {
+            'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
+            'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69'
+        }
+        logout_request = OneLogin_Saml2_Logout_Request(settings, None, expected_name_id_data['Value'], None, None, expected_name_id_data['Format'])
+        dom = parseString(logout_request.get_xml())
+        name_id_data_4 = OneLogin_Saml2_Logout_Request.get_nameid_data(dom)
+        self.assertEqual(expected_name_id_data, name_id_data_4)
+
+        expected_name_id_data = {
+            'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity',
+            'Value': 'http://idp.example.com/'
+        }
+        logout_request = OneLogin_Saml2_Logout_Request(settings)
+        dom = parseString(logout_request.get_xml())
+        name_id_data_5 = OneLogin_Saml2_Logout_Request.get_nameid_data(dom)
+        self.assertEqual(expected_name_id_data, name_id_data_5)
+
     def testGetNameId(self):
         """
         Tests the get_nameid of the OneLogin_Saml2_LogoutRequest
@@ -478,7 +498,7 @@ def testGetXML(self):
         expectedFragment = (
             'Destination="http://idp.example.com/SingleLogoutService.php">\n'
             '        <saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>\n'
-            '        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" SPNameQualifier="http://stuff.com/endpoints/metadata.php">http://idp.example.com/</saml:NameID>\n'
+            '        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
             '        \n    </samlp:LogoutRequest>'
         )
         self.assertIn(expectedFragment, logout_request_generated.get_xml())