diff --git a/mdx/_rules/check_saml2int.xsl b/mdx/_rules/check_saml2int.xsl
index 42f3077..37b4444 100644
--- a/mdx/_rules/check_saml2int.xsl
+++ b/mdx/_rules/check_saml2int.xsl
@@ -32,8 +32,10 @@
     <xsl:template match="md:SPSSODescriptor
         [contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')]
         [md:NameIDFormat]
-        [not(md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'])]
-        [not(md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'])]">
+        [not(
+            (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']) or 
+            (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'])
+        )]">
         <xsl:call-template name="error">
             <xsl:with-param name="m">SP excludes both SAML 2 name identifier formats</xsl:with-param>
         </xsl:call-template>
diff --git a/mdx/_rules/check_shibboleth.xsl b/mdx/_rules/check_shibboleth.xsl
index 12e87c7..a1b8370 100644
--- a/mdx/_rules/check_shibboleth.xsl
+++ b/mdx/_rules/check_shibboleth.xsl
@@ -36,8 +36,10 @@
         We perform a very cursory test for this by insisting that they start with
         either "http://" or "https://".
     -->
-    <xsl:template match="md:OrganizationURL[not(starts-with(., 'http://'))]
-        [not(starts-with(., 'https://'))]">
+    <xsl:template match="md:OrganizationURL[not(
+            (starts-with(., 'http://')) or 
+            (starts-with(., 'https://'))
+        )]">
         <xsl:call-template name="error">
             <xsl:with-param name="m">OrganizationURL '<xsl:value-of select="."/>' does not start with acceptable prefix</xsl:with-param>
         </xsl:call-template>