saml2int mandates SAML 2.0 HTTP-POST responses, so fault SPs which su…

…pport SAML 2.0 but which don't include an appropriate AssertionConsumerService endpoint.
InCommon · Mar 14, 2012 · d4dbb24 · d4dbb24
1 parent 758b901
commit d4dbb24
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/build/check_saml2int.xsl b/build/check_saml2int.xsl
@@ -89,4 +89,17 @@
 		</xsl:call-template>
 	</xsl:template>
 
+	<!--
+		Section 9.1
+		
+		Responses MUST use the HTTP-POST binding, so metadata for that MUST be present.
+	-->
+	<xsl:template match="md:SPSSODescriptor
+		[contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')]
+		[not(md:AssertionConsumerService[@Binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'])]">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">no HTTP-POST support on SAML 2.0 SP</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
 </xsl:stylesheet>