Move the "no KeyName" rule out into a ruleset file of its own; it's r…

…eally informational and will soon be obsolete.
InCommon · Apr 5, 2011 · 2cb5a8e · 2cb5a8e
1 parent 551e5de
commit 2cb5a8e
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 23 deletions.
diff --git a/build/check_future.xsl b/build/check_future.xsl
@@ -67,27 +67,4 @@
 		</xsl:call-template>
 	</xsl:template>
 
-	<!--
-		Check for IdPs which have no KeyName; this indicates an IdP which can't interoperate
-		with certain versions of OpenAthens SP.
-	-->
-
-	<xsl:template match="md:EntityDescriptor[md:IDPSSODescriptor][not(descendant::ds:KeyName)]">
-		<xsl:call-template name="fatal">
-			<xsl:with-param name="m">
-				<xsl:if test="descendant::md:Extensions/wayf:HideFromWAYF">
-					<xsl:text>(hidden) </xsl:text>
-				</xsl:if>
-				<xsl:text>identity provider lacks PKIX validatable credential</xsl:text>
-			</xsl:with-param>
-		</xsl:call-template>
-		<xsl:call-template name="fatal">
-			<xsl:with-param name="m">
-				<xsl:value-of select="descendant::md:OrganizationDisplayName"/>
-				<xsl:text>: </xsl:text>
-				<xsl:value-of select="@entityID"/>
-			</xsl:with-param>
-		</xsl:call-template>
-	</xsl:template>
-
 </xsl:stylesheet>
diff --git a/build/check_nokeyname.xsl b/build/check_nokeyname.xsl
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_nokeyname.xsl
+	
+	Checking ruleset for IdPs which have no KeyName; this indicates an IdP which can't interoperate
+	with certain versions of OpenAthens SP.
+
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+	xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+	xmlns:set="http://exslt.org/sets"
+	xmlns:wayf="http://sdss.ac.uk/2006/06/WAYF"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+
+	xmlns:mdxURL="xalan://uk.ac.sdss.xalan.md.URLchecker"
+
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+
+	<xsl:template match="md:EntityDescriptor[md:IDPSSODescriptor][not(descendant::ds:KeyName)]">
+		<xsl:call-template name="fatal">
+			<xsl:with-param name="m">
+				<xsl:if test="descendant::md:Extensions/wayf:HideFromWAYF">
+					<xsl:text>(hidden) </xsl:text>
+				</xsl:if>
+				<xsl:text>identity provider lacks PKIX validatable credential</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+		<xsl:call-template name="fatal">
+			<xsl:with-param name="m">
+				<xsl:value-of select="descendant::md:OrganizationDisplayName"/>
+				<xsl:text>: </xsl:text>
+				<xsl:value-of select="@entityID"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+</xsl:stylesheet>