From ff6950e9d9ba3ed22054fe294f29af3aef1cfd11 Mon Sep 17 00:00:00 2001 From: Phil Smart Date: Tue, 16 Apr 2024 15:27:24 +0100 Subject: [PATCH] Fix sam2int and shibboleth predicates From commit hash ukf/ukf-testbed/990521d81935e56ca06c930391cc0ec588a2d0f3 See ukf/ukf-meta#416 for details --- mdx/_rules/check_saml2int.xsl | 6 ++++-- mdx/_rules/check_shibboleth.xsl | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/mdx/_rules/check_saml2int.xsl b/mdx/_rules/check_saml2int.xsl index 42f30770..37b4444b 100644 --- a/mdx/_rules/check_saml2int.xsl +++ b/mdx/_rules/check_saml2int.xsl @@ -32,8 +32,10 @@ + [not( + (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']) or + (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient']) + )]"> SP excludes both SAML 2 name identifier formats diff --git a/mdx/_rules/check_shibboleth.xsl b/mdx/_rules/check_shibboleth.xsl index 12e87c7a..a1b83705 100644 --- a/mdx/_rules/check_shibboleth.xsl +++ b/mdx/_rules/check_shibboleth.xsl @@ -36,8 +36,10 @@ We perform a very cursory test for this by insisting that they start with either "http://" or "https://". --> - + OrganizationURL '' does not start with acceptable prefix