On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added. Update info related to LogoutRequest on the README

Author: pitbulk

README.md

@@ -765,15 +765,23 @@ target_url = 'https://example.com'
 auth.logout(return_to=target_url)
 ```
 
-Also there are 2 optional parameters that can be set:
+Also there are 4 optional parameters that can be set:
 
 * name_id. That will be used to build the LogoutRequest. If not name_id parameter is set and the auth object processed a
 SAML Response with a NameId, then this NameId will be used.
 * session_index. SessionIndex that identifies the session of the user.
+* nq. IDP Name Qualifier
+* name_id_format. The NameID Format that will be set in the LogoutRequest
+
+If no name_id is provided, the LogoutRequest will contain a NameID with the entity Format.
+If name_id is provided and no name_id_format is provided, the NameIDFormat of the settings will be used.
+If nq is provided, the SPNameQualifier will be also attached to the NameId.
 
 If a match on the LogoutResponse ID and the LogoutRequest ID to be sent is required, that LogoutRequest ID must to be extracted and stored for future validation, we can get that ID by
 
+```python
 auth.get_last_request_id()
+```
 
 ####Example of a view that initiates the SSO request and handles the response (is the acs target)####
 

src/onelogin/saml2/logout_request.py

@@ -72,12 +72,17 @@ def __init__(self, settings, request=None, name_id=None, session_index=None, nq=
                     cert = idp_data['x509cert']
 
             if name_id is not None:
-                if name_id_format is None:
+                if not name_id_format:
                     name_id_format = sp_data['NameIDFormat']
-                sp_name_qualifier = None
             else:
-                name_id = idp_data['entityId']
                 name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY
+
+            sp_name_qualifier = None
+            if name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY:
+                name_id = idp_data['entityId']
+                nq = None
+            elif nq is not None:
+                # We only gonna include SPNameQualifier if NameQualifier is provided
                 sp_name_qualifier = sp_data['entityId']
 
             name_id_obj = OneLogin_Saml2_Utils.generate_name_id(

tests/src/OneLogin/saml2_tests/auth_test.py

@@ -1223,7 +1223,7 @@ def testGetLastLogoutRequest(self):
         expectedFragment = (
             '  Destination="http://idp.example.com/SingleLogoutService.php">\n'
             '    <saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>\n'
-            '    <saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
+            '    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
             '    \n</samlp:LogoutRequest>'
         )
         self.assertIn(expectedFragment, auth.get_last_request_xml())

tests/src/OneLogin/saml2_tests/logout_request_test.py

@@ -157,13 +157,30 @@ def testGetNameIdData(self):
         expected_name_id_data = {
             'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
             'NameQualifier': idp_data['entityId'],
+            'SPNameQualifier': 'http://stuff.com/endpoints/metadata.php',
             'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69'
         }
 
         logout_request = OneLogin_Saml2_Logout_Request(settings, None, expected_name_id_data['Value'], None, idp_data['entityId'], expected_name_id_data['Format'])
         name_id_data_3 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml())
         self.assertEqual(expected_name_id_data, name_id_data_3)
 
+        expected_name_id_data = {
+            'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
+            'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69'
+        }
+        logout_request = OneLogin_Saml2_Logout_Request(settings, None, expected_name_id_data['Value'], None, None, expected_name_id_data['Format'])
+        name_id_data_4 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml())
+        self.assertEqual(expected_name_id_data, name_id_data_4)
+
+        expected_name_id_data = {
+            'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity',
+            'Value': 'http://idp.example.com/'
+        }
+        logout_request = OneLogin_Saml2_Logout_Request(settings)
+        name_id_data_5 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml())
+        self.assertEqual(expected_name_id_data, name_id_data_5)
+
     def testGetNameId(self):
         """
         Tests the get_nameid of the OneLogin_Saml2_LogoutRequest
@@ -367,7 +384,7 @@ def testGetXML(self):
         expectedFragment = (
             'Destination="http://idp.example.com/SingleLogoutService.php">\n'
             '    <saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer>\n'
-            '    <saml:NameID SPNameQualifier="http://stuff.com/endpoints/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
+            '    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://idp.example.com/</saml:NameID>\n'
             '    \n</samlp:LogoutRequest>'
         )
         self.assertIn(expectedFragment, logout_request_generated.get_xml())