Add proposed saml2int SSO binding rule as a future test.

InCommon · May 14, 2015 · 5e167da · 5e167da
1 parent 07570f7
commit 5e167da
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/mdx/_rules/check_future_0.xsl b/mdx/_rules/check_future_0.xsl
@@ -30,4 +30,21 @@
 	-->
 	<xsl:import href="check_framework.xsl"/>
 
+    <!--
+        Section 6.1.
+        
+        "The <saml2p:AuthnRequest> message issued by a Service Provider MUST be
+        communicated to the Identity Provider using the HTTP-REDIRECT binding
+        [SAML2Bind]."
+        
+        Therefore, metadata for this binding MUST be present.
+    -->
+    <xsl:template match="md:IDPSSODescriptor
+        [contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')]
+        [not(md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'])]">
+        <xsl:call-template name="error">
+            <xsl:with-param name="m">SAML 2.0 IDPSSODescriptor does not support HTTP-Redirect SSO binding</xsl:with-param>
+        </xsl:call-template>
+    </xsl:template>
+
 </xsl:stylesheet>