Make omitting unspecified NameID format in LogoutRequest optional #382

Open
antyblin opened this issue Jul 17, 2019 · 4 comments


antyblin commented Jul 17, 2019

I have an issue trying to log out: my identity provider uses the unspecified NameId format and also requires it to be present in the Logout Request.
As I found, in commit 4348bd7 code was added (LogoutRequest.php:95) to omit the unspecified NameId format:

// NameID Format UNSPECIFIED omitted
if (!empty($nameIdFormat) && $nameIdFormat == OneLogin_Saml2_Constants::NAMEID_UNSPECIFIED) {
    $nameIdFormat = null;
}

The only solution I found is to comment out this line, which in many senses is wrong.
Is there any possibility to make this NameId format omitting optional?

@gauravjain024

Hi
I am having an issue with NameID, can you please help?
Here is my error:
"NameID not found in the assertion of the Response"


antyblin commented Oct 10, 2019

@gauravjain024 Did you check what you get in a response?
Anyway this is a different issue and developers keep ignoring it.

Contributor

pitbulk commented Nov 10, 2019

@gauravjain024 you may set in the settings

'wantNameId' => false,

@antyblin sorry for the delayed reply.

If you set NAMEID_UNSPECIFIED in your SP settings, that means that the SP doesn't know what NameID to expect, as well as accepting any from the IdP.
The IdP, in its SAMLResponse reply, can:

  • Set no Format, in which case no Format in NameID on the LogoutRequest should be used (this is what was recently added to fix an issue with ADFS).
  • Set a Format in the NameID. In this case, the same NameID Format should be used on the LogoutRequest.

The IdP should not provide a NameID with unspecified Format; it should instead omit that value, since its omission means that the Format is not specified.
In the same way, the IdP should not reject a LogoutRequest with no Format, since that is the same as Format=unspecified.

What IdP are you using?
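
The Format handling discussed in this thread, as an added example that is not php-saml's code or any participant's: it reads the NameID the IdP sent and builds the LogoutRequest NameID from it, with a hypothetical `$keepUnspecified` flag for IdPs that require the unspecified Format. The function names and the sample assertion are constructed, and the assertion is assumed to have passed signature validation already.

```php
<?php
// Added example; not php-saml code. Function names and $keepUnspecified are hypothetical.
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';

/** Return [value, format|null] for the first NameID in an already-validated assertion. */
function nameIdFromAssertion(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing IdP-supplied XML.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Malformed assertion XML');
    }
    $node = $doc->getElementsByTagNameNS(NS_SAML, 'NameID')->item(0);
    if ($node === null) {
        throw new RuntimeException('NameID not found in the assertion');
    }
    // hasAttribute() distinguishes "no Format sent" from an explicit Format value.
    $format = $node->hasAttribute('Format') ? $node->getAttribute('Format') : null;
    return [trim($node->textContent), $format];
}

/** Build the <saml:NameID> for a LogoutRequest, mirroring the Format the IdP used. */
function logoutNameId(string $value, ?string $format, bool $keepUnspecified = false): string
{
    if ($format === NAMEID_UNSPECIFIED && !$keepUnspecified) {
        $format = null; // default: unspecified is treated the same as no Format
    }
    $doc = new DOMDocument();
    $el = $doc->createElementNS(NS_SAML, 'saml:NameID');
    $el->appendChild($doc->createTextNode($value)); // text node escapes & and <
    if ($format !== null && $format !== '') {
        $el->setAttribute('Format', $format);
    }
    $doc->appendChild($el);
    return $doc->saveXML($el);
}

// Constructed sample: an IdP that sends Format=unspecified explicitly.
$assertion = '<saml:Assertion xmlns:saml="' . NS_SAML . '"><saml:Subject>'
    . '<saml:NameID Format="' . NAMEID_UNSPECIFIED . '">user@example.com</saml:NameID>'
    . '</saml:Subject></saml:Assertion>';
[$value, $format] = nameIdFromAssertion($assertion);
echo logoutNameId($value, $format), PHP_EOL;       // Format attribute omitted
echo logoutNameId($value, $format, true), PHP_EOL; // Format kept for strict IdPs
```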


jbutts-nerdery commented Feb 13, 2020

I would also like this to be optional, as I am interacting with a custom IdP that requires unspecified format on logout request.
