From 18aae5c5c38b5ac1ad4d004d6e77b290f41b9762 Mon Sep 17 00:00:00 2001
From: Phil Smart <philip.smart@jisc.ac.uk>
Date: Tue, 16 Apr 2024 15:08:46 +0100
Subject: [PATCH] Fix multi-predicate support in check_hoksso ruleset for
 binding

From commit hash ukf/ukf-testbed/a9bcb9ed4ad54f3cf08caa20e4d595624462d1ba

See ukf/ukf-meta#416 for details
---
 mdx/_rules/check_hoksso.xsl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mdx/_rules/check_hoksso.xsl b/mdx/_rules/check_hoksso.xsl
index 5faae21..a581b91 100644
--- a/mdx/_rules/check_hoksso.xsl
+++ b/mdx/_rules/check_hoksso.xsl
@@ -138,8 +138,8 @@
     -->
 
     <xsl:template match="md:IDPSSODescriptor
-        [not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol'))]
-        [md:*/@Binding = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser']">
+        [not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')) and 
+        md:*/@Binding = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser']">
         <xsl:call-template name="error">
             <xsl:with-param name="m">
                 <xsl:text>holder of key binding requires SAML 2.0 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration</xsl:text>
@@ -148,8 +148,8 @@
     </xsl:template>
 
     <xsl:template match="md:SPSSODescriptor
-        [not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol'))]
-        [md:*/@Binding = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser']">
+        [not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')) and 
+        md:*/@Binding = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser']">
         <xsl:call-template name="error">
             <xsl:with-param name="m">
                 <xsl:text>holder of key binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration</xsl:text>