
Implement checks for v1.3 of the REFEDS R+S specification
Checks only applied to UK federation entities for now.
See ukf/ukf-meta#20.
iay committed Jan 31, 2017
1 parent f83edc5 commit 4a13c34
Showing 4 changed files with 160 additions and 0 deletions.
86 changes: 86 additions & 0 deletions mdx/_rules/check_rands_member.xsl
@@ -0,0 +1,86 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
check_rands_member.xsl
Checking ruleset containing rules associated with membership of the REFEDS
Research and Scholarship entity category, see:
https://refeds.org/category/research-and-scholarship/
This ruleset reflects v1.3, 8-Sep-2016.
Author: Ian A. Young <ian@iay.org.uk>
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">

<!--
Common support functions.
-->
<xsl:import href="check_framework.xsl"/>

<!--
Process entity category.
-->
<xsl:template match="md:EntityDescriptor
[md:Extensions/mdattr:EntityAttributes/saml:Attribute
[@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
[@Name='http://macedir.org/entity-category']
/saml:AttributeValue[.='http://refeds.org/category/research-and-scholarship']
]">
<xsl:choose>
<!--
(Implicit) applies only to service providers.
-->
<xsl:when test="not(md:SPSSODescriptor)">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S only applies to service provider entities</xsl:with-param>
</xsl:call-template>
</xsl:when>
<!--
4.3.1
The Service Provider [...] supports SAML V2.0 HTTP-POST binding.
-->
<xsl:when test="not(md:SPSSODescriptor/md:AssertionConsumerService
[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'])">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S requires SAML 2.0 POST support</xsl:with-param>
</xsl:call-template>
</xsl:when>
<!--
4.3.3
The Service Provider provides an mdui:DisplayName and mdui:InformationURL in metadata.
-->
<xsl:when test="not(md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName)">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S requires mdui:DisplayName</xsl:with-param>
</xsl:call-template>
</xsl:when>
<xsl:when test="not(md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:InformationURL)">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S requires mdui:InformationURL</xsl:with-param>
</xsl:call-template>
</xsl:when>
<!--
4.3.4
The Service Provider provides one or more technical contacts in metadata.
-->
<xsl:when test="not(md:ContactPerson[@contactType='technical'])">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S requires one or more technical contacts</xsl:with-param>
</xsl:call-template>
</xsl:when>
</xsl:choose>
</xsl:template>

</xsl:stylesheet>
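Review bot: The 4.3.3 tests accept an empty element: `not(md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName)` is false as soon as any mdui:DisplayName exists, even `<mdui:DisplayName xml:lang="en"/>`, and the same holds for the mdui:InformationURL test that follows it. If the intent is a usable value rather than bare presence, tighten both steps to `mdui:DisplayName[normalize-space(.) != '']` and `mdui:InformationURL[normalize-space(.) != '']`. The numbered comments jump from 4.3.1 to 4.3.3; a one-line comment stating why 4.3.2 is not tested in this ruleset (presumably because it cannot be decided from metadata alone; confirm against the v1.3 text) would spare the next reader a trip to the specification.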
49 changes: 49 additions & 0 deletions mdx/_rules/check_rands_support.xsl
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
check_rands_support.xsl
Checking ruleset containing rules associated with the REFEDS
Research and Scholarship entity support category, see:
https://refeds.org/category/research-and-scholarship/
This ruleset reflects v1.3, 8-Sep-2016.
Author: Ian A. Young <ian@iay.org.uk>
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">

<!--
Common support functions.
-->
<xsl:import href="check_framework.xsl"/>

<!--
Process entity support category.
-->
<xsl:template match="md:EntityDescriptor
[md:Extensions/mdattr:EntityAttributes/saml:Attribute
[@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
[@Name='http://macedir.org/entity-category-support']
/saml:AttributeValue[.='http://refeds.org/category/research-and-scholarship']
]">
<xsl:choose>
<!--
(Implicit) applies only to identity providers.
-->
<xsl:when test="not(md:IDPSSODescriptor)">
<xsl:call-template name="error">
<xsl:with-param name="m">REFEDS R+S support only applies to identity provider entities</xsl:with-param>
</xsl:call-template>
</xsl:when>
</xsl:choose>
</xsl:template>

</xsl:stylesheet>
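Review bot: The default namespace declaration `xmlns="urn:oasis:names:tc:SAML:2.0:metadata"` on the xsl:stylesheet element is unused here: XSLT 1.0 XPath never applies a default namespace to unprefixed names, and this stylesheet emits no literal result elements, so the declaration only invites a reader to assume an unprefixed step would match md: elements. The same declaration appears in check_rands_member.xsl. If it is the house template for every ruleset under _rules it can stay for consistency; otherwise drop it from both new files. It would also help to say in the header comment that this ruleset deliberately checks only the descriptor type for the support category, so a later maintainer does not read the single xsl:when as an unfinished list.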
1 change: 1 addition & 0 deletions mdx/uk/beans.xml
Expand Up @@ -334,6 +334,7 @@
<ref bean="check_uk_mdattr"/>
<ref bean="check_uk_mdrps"/>
<ref bean="check_uk_urlenc"/>
<ref bean="check_rands"/>
<ref bean="mdui_dn_en_present"/>
<ref bean="mdui_dn_en_match"/>
<ref bean="check_dup_display"/>
24 changes: 24 additions & 0 deletions mdx/validation-beans.xml
Expand Up @@ -277,6 +277,30 @@
p:XSLResource="classpath:_rules/check_incmd.xsl"/>


<!--
***********************************************************
*** ***
*** R E F E D S R + S S P E C I F I C A T I O N ***
*** ***
***********************************************************
-->

<bean id="check_rands_member" parent="XSLValidationStage"
p:XSLResource="classpath:_rules/check_rands_member.xsl"/>

<bean id="check_rands_support" parent="XSLValidationStage"
p:XSLResource="classpath:_rules/check_rands_support.xsl"/>

<bean id="check_rands" parent="CompositeStage">
<property name="composedStages">
<list>
<ref bean="check_rands_member"/>
<ref bean="check_rands_support"/>
</list>
</property>
</bean>


<!--
***********************************************************
*** ***
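Review bot: The composite bean `check_rands` carries no comment saying where it is meant to be wired in, while the commit description limits these checks to UK entities and mdx/uk/beans.xml is the only place in this commit that references it. A short comment above the bean, `<!-- Combined R+S member and support checks; currently referenced only from uk/beans.xml. -->`, records that intent beside the definition so a later reader knows whether its absence from other federations' check lists is deliberate. The banner and bean layout match the neighbouring sections of the file, so nothing else to raise here.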
