Policy rule 5: SPs must implement SAML 2 HTTP-POST.

mdx/incommon/check_sp_no_saml2.xsl

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_idp_no_saml2.xsl
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+	xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="../_rules/check_framework.xsl"/>
+
+	<xsl:template match="md:SPSSODescriptor
+		[not(md:AssertionConsumerService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'])]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">SP does not support the SAML 2 HTTP-POST binding</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+</xsl:stylesheet>

mdx/incommon/edugain-policy.xml

@@ -106,6 +106,15 @@
                 <bean id="check_idp_non_saml2" parent="XSLValidationStage"
                     p:XSLResource="classpath:incommon/check_idp_no_saml2.xsl"/>
 
+                <!--
+                    Technical Policy rule 5.
+
+                    Filter all imported SP entities that do not have at least one SAML2 AssertionConsumerService
+                    endpoint that supports the HTTP-POST binding.
+                -->
+                <bean id="check_sp_non_saml2" parent="XSLValidationStage"
+                    p:XSLResource="classpath:incommon/check_sp_no_saml2.xsl"/>
+
                 <!--
                     Technical Policy rule 6.