We had a case of an ACS endpoint that was https:///Shibboleth.sso/SAML2/ECP because the site administrator forgot the hostname. This caused problems with a downstream consumer of the metadata.
It would be good to check for and filter this form of malformed URL too.
I think we should check for correctly-formed schemes (http://, https://) and non-relative paths (/ immediately after https://, for example, is a relative path). We can't check for valid hostnames due to some people (validly) putting their IdP behind a firewall or in a local-only domain, which does not cause interop problems for front-channel flows.
Sorry to take so long to comment, turned out I had forgotten to watch this version of the repository...
We should indeed check for valid URLs in endpoints. The current ad hoc checks miss a lot of possible errors. The good news is that we have a validation framework in place in inc-mda that will be upstreamed to the MDA 0.10 release, that will make writing this kind of more generic test (in Java, not in XSLT as the present ones are) much easier.
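The checks discussed in this thread (http/https scheme, non-empty host, and no DNS lookup so that local-only hostnames still pass), as an added Python example that is not code from the repository or from the MDA validation framework. The function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample metadata (hypothetical entity), with the empty-host case from the issue.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    <AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
        Location="https:///Shibboleth.sso/SAML2/ECP"/>
    <AssertionConsumerService index="3" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.campus.internal/Shibboleth.sso/SAML2/POST"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="/Shibboleth.sso/SLO/Redirect"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def check_endpoint_url(url):
    """Return a reason string if the URL is malformed, else None (no DNS lookup)."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError as exc:  # e.g. an unbalanced IPv6 bracket
        return f"unparseable URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} is not http or https"
    if not host:
        return "missing hostname"
    return None  # local-only or unresolvable hostnames are deliberately accepted


def find_malformed_endpoints(metadata_xml):
    """Check every Location / ResponseLocation attribute; return the bad ones."""
    findings = []
    for elem in ET.fromstring(metadata_xml).iter():
        for attr in ("Location", "ResponseLocation"):
            value = elem.get(attr)
            if value is not None and (reason := check_endpoint_url(value)):
                findings.append((elem.tag.split("}")[-1], value, reason))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_malformed_endpoints(SAMPLE_METADATA):
        print(f"{name}: {value!r}: {reason}")
```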