Bug 920 - Ensure appropriate protocolSupportEnumeration tokens exist …

…for all endpoints Leave one test hanging as a "future" test because we have one deviant entity at present.
InCommon · Jun 6, 2012 · 3cfbc27 · 3cfbc27
1 parent 8699ddb
commit 3cfbc27
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 0 deletions.
diff --git a/build/check_saml1.xsl b/build/check_saml1.xsl
@@ -41,4 +41,43 @@
 		</xsl:call-template>
 	</xsl:template>
 
+	<!--
+        Use of SAML 1.0 bindings requires SAML 1.1 in protocolSupportEnumeration.
+    -->
+	<xsl:template match="md:IDPSSODescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:1.1:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:1.0:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 1.0 binding requires SAML 1.1 token in IDPSSODescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+        Use of SAML 1.0 bindings requires SAML 1.1 in protocolSupportEnumeration.
+    -->
+	<xsl:template match="md:AttributeAuthorityDescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:1.1:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:1.0:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 1.0 binding requires SAML 1.1 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+        Use of SAML 1.0 bindings requires SAML 1.1 in protocolSupportEnumeration.
+    -->
+	<xsl:template match="md:SPSSODescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:1.1:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:1.0:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 1.0 binding requires SAML 1.1 token in SPSSODescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>
diff --git a/build/check_saml2.xsl b/build/check_saml2.xsl
@@ -68,4 +68,30 @@
 		</xsl:call-template>
 	</xsl:template>
 
+	<!--
+        Use of SAML 2.0 bindings requires SAML 2.0 in protocolSupportEnumeration.
+    -->
+	<xsl:template match="md:AttributeAuthorityDescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:2.0:bindings:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 2.0 binding requires SAML 2.0 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<!--
+        Use of SAML 2.0 bindings requires SAML 2.0 in protocolSupportEnumeration.
+    -->
+	<xsl:template match="md:SPSSODescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:2.0:bindings:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 2.0 binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>
diff --git a/mdx/check_future_1.xsl b/mdx/check_future_1.xsl
@@ -29,5 +29,17 @@
 	-->
 	<xsl:import href="../build/check_framework.xsl"/>
 
+	<!--
+		Use of SAML 2.0 bindings requires SAML 2.0 in protocolSupportEnumeration.
+	-->
+	<xsl:template match="md:IDPSSODescriptor
+		[not(contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol'))]
+		[md:*/@Binding[starts-with(., 'urn:oasis:names:tc:SAML:2.0:bindings:')]]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>SAML 2.0 binding requires SAML 2.0 token in IDPSSODescriptor/@protocolSupportEnumeration</xsl:text>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
 
 </xsl:stylesheet>