Add warning to check_future_9 for SPs that WantAssertionsSigned

See ukf/ukf-meta#165
InCommon · Jul 6, 2018 · f55cd7f · f55cd7f
1 parent 0e8f0ac
commit f55cd7f
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/mdx/_rules/check_future_9.xsl b/mdx/_rules/check_future_9.xsl
@@ -6,7 +6,8 @@
     Checking ruleset containing rules that we don't currently implement,
     but which we may implement in the future.
 
-    Author: Ian A. Young <ian@iay.org.uk>
+    This is to warn if an SP suggests that it wants signed assertions.
+    Typically, it is the response that should be signed.
 
 -->
 <xsl:stylesheet version="1.0"
@@ -23,5 +24,11 @@
     -->
     <xsl:import href="check_framework.xsl"/>
 
+    <xsl:template match="md:EntityDescriptor[md:SPSSODescriptor[@WantAssertionsSigned='true']]">
+        <xsl:call-template name="warning">
+            <xsl:with-param name="m">SP sets WantAssertionsSigned, although typically you would want Responses signed not Assertions</xsl:with-param>
+        </xsl:call-template>
+    </xsl:template>
+
 
 </xsl:stylesheet>