Add UK-specific check for IdPs suppporting REFEDS R&S entity category
Similar to the check for SPs, we ensure that any IdP that supports
the category will have a valid MDRPS in metadata.

See ukf/ukf-meta#281 for details
Alex Stuart committed Nov 30, 2020
1 parent 6efc0a4 commit b199617
Showing 7 changed files with 101 additions and 1 deletion.
23 changes: 22 additions & 1 deletion mdx/uk/check_uk_rands.xsl
@@ -3,7 +3,8 @@
check_uk_rands.xsl
UKf-specific check for SPs asserting R&S entity category
UKf-specific checks for SPs asserting R&S entity category
or for IdPs supporting the entity category.
-->
<xsl:stylesheet version="1.0"
@@ -41,5 +42,25 @@
</xsl:call-template>
</xsl:template>

<!--
IdPs which support the R&S entity category must include an explicit RegistrationPolicy.
Note that there is a different UK-specific check to ensure that RegistrationPolicy
contains valid values, so we don't need to repeat ourselves here.
Note also that check_rands_support ensures that entities asserting the entity category
are IdPs.
-->
<xsl:template match="md:EntityDescriptor
[md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='http://macedir.org/entity-category-support']
/saml:AttributeValue='http://refeds.org/category/research-and-scholarship']
[not(md:Extensions/mdrpi:RegistrationInfo/mdrpi:RegistrationPolicy)]">
<xsl:call-template name="error">
<xsl:with-param name="m">
<xsl:text>IdP supports R&amp;S entity category but has no RegistrationPolicy element.</xsl:text>
</xsl:with-param>
</xsl:call-template>
</xsl:template>


</xsl:stylesheet>
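Review bot: The new template's first predicate compares `saml:AttributeValue` to the category URI by exact string equality, so a value padded with whitespace or a line break would not match and the entity would skip this check without any error. Unless another check in the pipeline already rejects padded attribute values (not visible in this commit), consider `saml:AttributeValue[normalize-space(.)='http://refeds.org/category/research-and-scholarship']` so the check fails closed. The comment above the template also says check_rands_support covers entities "asserting" the category, where "supporting" seems intended, since this template keys on `entity-category-support`. The template itself never tests for an `md:IDPSSODescriptor`, so the "IdP supports…" wording in the error is only accurate while that other check keeps running.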
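--- /dev/null
+++ b/tests/manual/ukf-meta-281/README.md
@@ -0,0 +1,9 @@
+# Tests for UK-specific check for R and S
+
+If the entity supports R&S, it must have a RegistrationPolicy
+
+Other checks ensure that the RegistrationPolicy is valid
+
+Run tests like this:
+
+`for i in *.xml; do echo "Test: $i ==="; xsltproc ../../../mdx/uk/check_uk_rands.xsl $i; done`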
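--- /dev/null
+++ b/tests/manual/ukf-meta-281/has-ec-has-policy.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+<Extensions>
+<mdrpi:RegistrationInfo registrationAuthority="http://ukfederation.org.uk"
+registrationInstant="2012-07-13T11:19:55Z">
+<mdrpi:RegistrationPolicy xml:lang="en"
+>http://ukfederation.org.uk/doc/mdrps-20130902</mdrpi:RegistrationPolicy>
+</mdrpi:RegistrationInfo>
+<mdattr:EntityAttributes>
+<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
+<saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
+</saml:Attribute>
+</mdattr:EntityAttributes>
+</Extensions>
+</EntityDescriptor>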
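--- /dev/null
+++ b/tests/manual/ukf-meta-281/has-ec-no-policy.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+<Extensions>
+<mdrpi:RegistrationInfo registrationAuthority="http://ukfederation.org.uk"
+registrationInstant="2012-07-13T11:19:55Z">
+</mdrpi:RegistrationInfo>
+<mdattr:EntityAttributes>
+<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support">
+<saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
+</saml:Attribute>
+</mdattr:EntityAttributes>
+</Extensions>
+</EntityDescriptor>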
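--- /dev/null
+++ b/tests/manual/ukf-meta-281/no-ec-has-policy.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+<Extensions>
+<mdrpi:RegistrationInfo registrationAuthority="http://ukfederation.org.uk"
+registrationInstant="2012-07-13T11:19:55Z">
+<mdrpi:RegistrationPolicy xml:lang="en"
+>http://ukfederation.org.uk/doc/mdrps-20130902</mdrpi:RegistrationPolicy>
+</mdrpi:RegistrationInfo>
+</Extensions>
+</EntityDescriptor>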
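--- /dev/null
+++ b/tests/manual/ukf-meta-281/no-ec-no-policy.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" />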
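--- /dev/null
+++ b/tests/manual/ukf-meta-281/sirtfi-ec-no-policy.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
+xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+<Extensions>
+<mdrpi:RegistrationInfo registrationAuthority="http://ukfederation.org.uk"
+registrationInstant="2012-07-13T11:19:55Z">
+<mdrpi:RegistrationPolicy xml:lang="en"
+>http://ukfederation.org.uk/doc/mdrps-20130902</mdrpi:RegistrationPolicy>
+</mdrpi:RegistrationInfo>
+<mdattr:EntityAttributes>
+<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
+<saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
+</saml:Attribute>
+</mdattr:EntityAttributes>
+</Extensions>
+</EntityDescriptor>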
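Review bot: The fixture named `sirtfi-ec-no-policy.xml` still carries an `mdrpi:RegistrationPolicy` element inside `mdrpi:RegistrationInfo`, so it does not exercise the case its name describes. With the policy present, the new template's `not(...RegistrationPolicy)` predicate is already false, and the run stays silent even if the category predicate wrongly matched `https://refeds.org/sirtfi` or the `entity-category` attribute name. Dropping the two-line `<mdrpi:RegistrationPolicy xml:lang="en">…</mdrpi:RegistrationPolicy>` element from this file would make a silent run show that an entity without the R&S support attribute and without a policy is left alone.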
