From 90973fffd417664a6ae5d8ef070a71760a96545e Mon Sep 17 00:00:00 2001
From: Ashima Athri
Date: Wed, 21 Oct 2015 17:14:29 -0400
Subject: [PATCH 1/3] Add NameQualifier and SPNameQualifier to nameID

The nameID element of the authn response can contain the NameQualifier and SPNameQualifier attribute optionally.
---
 lib/passport-saml/saml.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index f2863236..b0e53ac6 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -208,6 +208,8 @@ SAML.prototype.generateLogoutRequest = function (req) {
 },
 'saml:NameID' : {
 '@Format': req.user.nameIDFormat,
+ '@NameQualifier': req.user.nameQualifier,
+ '@SPNameQualifier': req.user.spNameQualifier,
 '#text': req.user.nameID
 }
 }
@@ -585,6 +587,8 @@ SAML.prototype.processValidlySignedAssertion = function(xml, inResponseTo, callb
 
 if (nameID[0].$ && nameID[0].$.Format) {
 profile.nameIDFormat = nameID[0].$.Format;
+ profile.nameQualifier = nameID[0].$.NameQualifier;
+ profile.spNameQualifier = nameID[0].$.SPNameQualifier;
 }
 }
 }

From 80da2879c9b2791cc6e79562ee1bc25e1cff87e1 Mon Sep 17 00:00:00 2001
From: Ashima Athri
Date: Wed, 21 Oct 2015 17:34:24 -0400
Subject: [PATCH 2/3] Only add to logout xml if present in authn response

---
 lib/passport-saml/saml.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index b0e53ac6..b0cd147a 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
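Review bot: In the second hunk of this commit the new `profile.nameQualifier` and `profile.spNameQualifier` assignments sit inside the `nameID[0].$.Format` check, so an assertion that carries NameQualifier or SPNameQualifier without a Format attribute (Format is optional in SAML) never has them recorded, and the LogoutRequest later built from this profile then sends a NameID that does not match what the IdP issued. The lines also assign `undefined` onto the profile whenever the attribute is absent. Guard each attribute on its own, e.g. `if (nameID[0].$ && nameID[0].$.NameQualifier) { profile.nameQualifier = nameID[0].$.NameQualifier; }` and the same for SPNameQualifier. processValidlySignedAssertion starts and ends outside the hunk.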
@@ -208,13 +208,19 @@ SAML.prototype.generateLogoutRequest = function (req) {
 },
 'saml:NameID' : {
 '@Format': req.user.nameIDFormat,
- '@NameQualifier': req.user.nameQualifier,
- '@SPNameQualifier': req.user.spNameQualifier,
 '#text': req.user.nameID
 }
 }
 };
 
+ if (typeof(req.user.nameQualifier) !== 'undefined') {
+ request['samlp:LogoutRequest']['saml:NameID']['@NameQualifier'] = req.user.nameQualifier;
+ }
+
+ if (typeof(req.user.spNameQualifier) !== 'undefined') {
+ request['samlp:LogoutRequest']['saml:NameID']['@SPNameQualifier'] = req.user.spNameQualifier;
+ }
+
 if (req.user.sessionIndex) {
 request['samlp:LogoutRequest']['saml2p:SessionIndex'] = {
 '@xmlns:saml2p': 'urn:oasis:names:tc:SAML:2.0:protocol',

From fadd3e4a2812ff719aa1dec694191aeca33577e6 Mon Sep 17 00:00:00 2001
From: Ashima Athri
Date: Mon, 9 Nov 2015 16:58:33 -0500
Subject: [PATCH 3/3] Add test for new nameid attributes

---
 test/tests.js | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/test/tests.js b/test/tests.js
index 59ca764f..06c668f3 100644
--- a/test/tests.js
+++ b/test/tests.js
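Review bot: The added guards test `typeof(req.user.nameQualifier) !== 'undefined'`, which lets `null` and the empty string through and hands them to the XML builder as attribute values (what the builder emits for `null` depends on its version, worth checking), while the neighbouring `sessionIndex` check a few lines below uses plain truthiness. Pick one convention for the three optional fields, e.g. `if (req.user.nameQualifier != null) {` and `if (req.user.spNameQualifier != null) {`, or the same truthiness test as sessionIndex, since an empty qualifier is never a meaningful value to echo back to the IdP. `typeof` is an operator, so the parentheses around its operand are not needed. generateLogoutRequest starts and ends outside the hunk.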
@@ -452,6 +452,40 @@ describe( 'passport-saml /', function() {
 });
 });
 
+ it( 'generateLogoutRequest adds the NameQualifier and SPNameQualifier to the saml request', function( done ) {
+ var expectedRequest = {
+ 'samlp:LogoutRequest':
+ { '$':
+ { 'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
+ 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
+ //ID: '_85ba0a112df1ffb57805',
+ Version: '2.0',
+ //IssueInstant: '2014-05-29T03:32:23Z',
+ Destination: 'foo' },
+ 'saml:Issuer':
+ [ { _: 'onelogin_saml',
+ '$': { 'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion' } } ],
+ 'saml:NameID': [ { _: 'bar', '$': { Format: 'foo',
+ SPNameQualifier: 'Service Provider',
+ NameQualifier: 'Identity Provider' } } ] } };
+
+ var samlObj = new SAML( { entryPoint: "foo" } );
+ var logoutRequest = samlObj.generateLogoutRequest({
+ user: {
+ nameIDFormat: 'foo',
+ nameID: 'bar',
+ nameQualifier: 'Identity Provider',
+ spNameQualifier: 'Service Provider'
+ }
+ });
+ parseString( logoutRequest, function( err, doc ) {
+ delete doc['samlp:LogoutRequest']['$']["ID"];
+ delete doc['samlp:LogoutRequest']['$']["IssueInstant"];
+ doc.should.eql( expectedRequest );
+ done();
+ });
+ });
+
 it( 'generateLogoutResponse', function( done ) {
 var expectedResponse = {
 'samlp:LogoutResponse':
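Review bot: The `parseString` callback in the new test ignores `err`; if the generated XML fails to parse, `doc` is undefined and the first `delete doc[...]` line throws a TypeError inside the callback, so the test fails with an unrelated message instead of reporting the parse error. Add `if (err) { return done(err); }` as the first line of the callback. The test also only covers the case where both qualifiers are supplied; unless the existing generateLogoutRequest test above already does so, a second case asserting that NameQualifier and SPNameQualifier are absent from the NameID attributes when the user object omits them would pin the conditional behaviour this series introduces.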