Add specific bindings checks for AttributeService and SingleSignOnSer…

…vice.
InCommon · Mar 15, 2012 · 5947568 · 5947568
1 parent 8d9757f
commit 5947568
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 0 deletions.
diff --git a/mdx/check_bindings.xsl b/mdx/check_bindings.xsl
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_bindings.xsl
+	
+	Checking ruleset that checks SAML 2.0 metadata Binding values.
+	
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="../build/check_framework.xsl"/>
+
+	<xsl:template match="md:AttributeService
+		[@Binding != 'urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding']
+		[@Binding != 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP']
+		">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>invalid binding '</xsl:text>
+				<xsl:value-of select="@Binding"/>
+				<xsl:text>' on </xsl:text>
+				<xsl:value-of select="name()"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+	<xsl:template match="md:SingleSignOnService
+		[@Binding != 'urn:mace:shibboleth:1.0:profiles:AuthnRequest']
+		[@Binding != 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+		[@Binding != 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign']
+		[@Binding != 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
+		[@Binding != 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP']
+		">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">
+				<xsl:text>invalid binding '</xsl:text>
+				<xsl:value-of select="@Binding"/>
+				<xsl:text>' on </xsl:text>
+				<xsl:value-of select="name()"/>
+			</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+</xsl:stylesheet>
diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml
@@ -215,6 +215,17 @@
         </property>
     </bean>
 
+    <!--
+        check_bindings
+    -->
+    <bean id="check_bindings" p:id="check_bindings" parent="check_xslt_parent">
+        <property name="xslResource">
+            <bean class="org.opensaml.util.resource.FilesystemResource">
+                <constructor-arg value="#{ systemProperties['basedir'] }/mdx/check_bindings.xsl"/>
+            </bean>
+        </property>
+    </bean>
+
     <!--
         check_filtered
     -->
@@ -578,6 +589,7 @@
         <property name="composedStages">
             <list>
                 <ref bean="check_adfs"/>
+                <ref bean="check_bindings"/>
                 <ref bean="check_idpdisc"/>
                 <ref bean="check_init"/>
                 <ref bean="check_mdiop"/>