From 5a74884b38b17530d5557292a9c846afff6e1ce4 Mon Sep 17 00:00:00 2001 
From: Ian Young
Date: Mon, 19 Jun 2017 14:45:25 +0100
Subject: [PATCH] Convert tabs to spaces in XML files so that 4-space convention is not implicit

See ukf/ukf-meta#134.
---
 attic/extract_entityids.xsl | 36 +-
 attic/extract_member_dates.xsl | 48 +-
 attic/extract_saml2sp.xsl | 54 +-
 attic/identity.xsl | 38 +-
 attic/members_domains.xsl | 120 +--
 build/extract_addresses.xsl | 70 +-
 build/extract_cert_locs.xsl | 62 +-
 build/extract_embedded.xsl | 104 +-
 build/extract_locs.xsl | 72 +-
 build/extract_nk_cert_locs.xsl | 90 +-
 build/extract_nk_nocert_locs.xsl | 82 +-
 build/extract_nocert_locs.xsl | 64 +-
 charting/just_ours.xsl | 66 +-
 charting/saml2.xsl | 86 +-
 charting/scopes.xsl | 74 +-
 charting/statistics_mdui.xsl | 2 +-
 mdx/_rules/check_adfs.xsl | 120 +--
 mdx/_rules/check_aggregate.xsl | 70 +-
 mdx/_rules/check_algsupport.xsl | 94 +-
 mdx/_rules/check_bindings.xsl | 316 +++---
 mdx/_rules/check_entityid_prefix.xsl | 46 +-
 mdx/_rules/check_filtered.xsl | 48 +-
 mdx/_rules/check_framework.xsl | 236 ++---
 mdx/_rules/check_future_0.xsl | 36 +-
 mdx/_rules/check_future_1.xsl | 36 +-
 mdx/_rules/check_future_2.xsl | 36 +-
 mdx/_rules/check_future_3.xsl | 40 +-
 mdx/_rules/check_future_4.xsl | 36 +-
 mdx/_rules/check_future_5.xsl | 26 +-
 mdx/_rules/check_future_6.xsl | 26 +-
 mdx/_rules/check_future_7.xsl | 26 +-
 mdx/_rules/check_future_8.xsl | 26 +-
 mdx/_rules/check_future_9.xsl | 26 +-
 mdx/_rules/check_hasreginfo.xsl | 32 +-
 mdx/_rules/check_hoksso.xsl | 290 +++---
 mdx/_rules/check_idp_tls.xsl | 56 +-
 mdx/_rules/check_idpdisc.xsl | 94 +-
 mdx/_rules/check_imported.xsl | 60 +-
 mdx/_rules/check_incmd.xsl | 170 ++--
 mdx/_rules/check_init.xsl | 62 +-
 mdx/_rules/check_mdattr.xsl | 100 +-
 mdx/_rules/check_mdiop.xsl | 70 +-
 mdx/_rules/check_mdrpi.xsl | 296 +++---
 mdx/_rules/check_mdui.xsl | 436 ++++----
 mdx/_rules/check_misc.xsl | 182 ++--
 mdx/_rules/check_namespaces.xsl | 194 ++--
 mdx/_rules/check_rands_member.xsl | 136 +--
 mdx/_rules/check_rands_support.xsl | 66 +-
 mdx/_rules/check_regauth.xsl | 58 +-
 mdx/_rules/check_reqattr.xsl | 962 +++++++++---------
 mdx/_rules/check_saml1.xsl | 118 +--
 mdx/_rules/check_saml2.xsl | 176 ++--
 mdx/_rules/check_saml2int.xsl | 246 ++---
 mdx/_rules/check_saml2meta.xsl | 174 ++--
 mdx/_rules/check_shib_noregscope.xsl | 30 +-
 mdx/_rules/check_shib_regscope.xsl | 40 +-
 mdx/_rules/check_shibboleth.xsl | 350 +++----
 mdx/_rules/check_sirtfi.xsl | 112 +-
 mdx/_rules/check_sp_tls.xsl | 36 +-
 mdx/_rules/check_uk_algorithms.xsl | 302 +++---
 mdx/_rules/check_uk_trust.xsl | 180 ++--
 mdx/_rules/check_vhosts.xsl | 96 +-
 mdx/_rules/mdui_dn_en_match.xsl | 54 +-
 mdx/_rules/mdui_dn_en_present.xsl | 34 +-
 mdx/clean-import.xsl | 140 +--
 mdx/default_regauth.xsl | 116 +--
 mdx/identity.xsl | 38 +-
 mdx/int_edugain/check_recovered.xsl | 32 +-
 mdx/ns_norm.xsl | 428 ++++----
 mdx/schema/MetadataExchange.xsd | 4 +-
 ...oasis-200401-wss-wssecurity-secext-1.0.xsd | 368 +++----
 ...asis-200401-wss-wssecurity-utility-1.0.xsd | 146 +--
 mdx/schema/saml-schema-assertion-2.0.xsd | 2 +-
 mdx/schema/shibboleth-metadata-1.0.xsd | 70 +-
 .../sstc-saml-holder-of-key-browser-sso.xsd | 8 +-
 mdx/schema/ws-addr.xsd | 232 ++---
 mdx/schema/ws-authorization.xsd | 22 +-
 mdx/schema/ws-federation.xsd | 280 ++---
 mdx/schema/ws-securitypolicy-1.2.xsd | 64 +-
 mdx/schema/xenc-schema-11.xsd | 116 +--
 mdx/strip-aa-mdui.xsl | 40 +-
 mdx/strip-comments.xsl | 32 +-
 mdx/strip-mdui-logo-data.xsl | 40 +-
 mdx/strip-mdui-logo-http.xsl | 78 +-
 mdx/uk/check_fixup_encmethod.xsl | 54 +-
 mdx/uk/check_uk_keydesc_key.xsl | 44 +-
 mdx/uk/check_uk_mdattr.xsl | 204 ++--
 mdx/uk/check_uk_mdrps.xsl | 90 +-
 mdx/uk/check_uk_urlenc.xsl | 38 +-
 mdx/uk/check_ukreg.xsl | 86 +-
 mdx/uk/entity_scopes.xsl | 58 +-
 mdx/uk/final_tweak.xsl | 288 +++---
 mdx/uk/fix_mailto.xsl | 62 +-
 mdx/uk/fragment.xsl | 82 +-
 mdx/uk/generate.xml | 6 +-
 mdx/uk/ns_norm_back.xsl | 222 ++--
 mdx/uk/ns_norm_cds.xsl | 134 +--
 mdx/uk/ns_norm_export.xsl | 184 ++--
 mdx/uk/ns_norm_export_preview.xsl | 184 ++--
mdx/uk/ns_norm_fragment.xsl | 122 +-- mdx/uk/ns_norm_test.xsl | 222 ++-- mdx/uk/ns_norm_uk.xsl | 222 ++-- mdx/uk/scopes_copy.xsl | 102 +- mdx/uk/statistics.xsl | 10 +- mdx/uk/strip_extensions.xsl | 96 +- mdx/uk/strip_sirtfi_contacts.xsl | 46 +- mdx/us_incommon/beans.xml | 2 +- utilities/2016-09-16/gen-id-to-name.xsl | 24 +- utilities/2016-09-16/gen-ukid-to-name.xsl | 24 +- utilities/2016-10-06/gen-id-to-name.xsl | 24 +- .../2017-02-27/listHideFromWAYFandEA.xsl | 4 +- 111 files changed, 6207 insertions(+), 6207 deletions(-) diff --git a/attic/extract_entityids.xsl b/attic/extract_entityids.xsl index c8d79b18..0723dd87 100644 --- a/attic/extract_entityids.xsl +++ b/attic/extract_entityids.xsl @@ -1,30 +1,30 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> - - + + - - - - + + + + - - - + + + diff --git a/attic/extract_member_dates.xsl b/attic/extract_member_dates.xsl index ac25f80e..0a793447 100644 --- a/attic/extract_member_dates.xsl +++ b/attic/extract_member_dates.xsl @@ -1,34 +1,34 @@ - - - - - - - ," - - " - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:ukfm="http://ukfederation.org.uk/2007/01/members"> + + + + + + + ," + + " + + + + + + diff --git a/attic/extract_saml2sp.xsl b/attic/extract_saml2sp.xsl index 6950a87e..aa59a0db 100644 --- a/attic/extract_saml2sp.xsl +++ b/attic/extract_saml2sp.xsl @@ -1,37 +1,37 @@ - - - - - - - - - yes - no - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> + + + + + + + + + yes + no + + + + + + + 
diff --git a/attic/identity.xsl b/attic/identity.xsl index dc2ad8b1..23f2a177 100644 --- a/attic/identity.xsl +++ b/attic/identity.xsl @@ -1,30 +1,30 @@ - - - - - - - - - - - - - - + + + + + + + + + + + + + + diff --git a/attic/members_domains.xsl b/attic/members_domains.xsl index eedd6d9f..6764589b 100644 --- a/attic/members_domains.xsl +++ b/attic/members_domains.xsl @@ -1,78 +1,78 @@ + exclude-result-prefixes="members xalan" + xmlns="http://ukfederation.org.uk/2007/01/members" + > - + - - - - - - - - - - - + + + + + + + + + + - - - - - - - + In other words, retain it if: + * it contains more than one Scope, or + * it contains any Entity elements + --> + + + + + + + - - - - + + + + - - - - + + + + - - - - - - + + + + + + diff --git a/build/extract_addresses.xsl b/build/extract_addresses.xsl index 1f8d67cd..76dbd4c5 100644 --- a/build/extract_addresses.xsl +++ b/build/extract_addresses.xsl @@ -1,45 +1,45 @@ - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/extract_cert_locs.xsl b/build/extract_cert_locs.xsl index b2b0eabf..46a293e6 100644 --- a/build/extract_cert_locs.xsl +++ b/build/extract_cert_locs.xsl @@ -1,40 +1,40 @@ - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md"> + + + + + + + + + + + + + + + + + + diff --git a/build/extract_embedded.xsl b/build/extract_embedded.xsl index 75927cec..751a6a91 100644 --- a/build/extract_embedded.xsl +++ b/build/extract_embedded.xsl 
@@ -1,62 +1,62 @@ - - - - - - - - - - - - - Entity: - - [ - - ] - - - KeyName: - - - - - - (none) - - - - -----BEGIN CERTIFICATE----- - - - -----END CERTIFICATE----- - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:mdxTextUtils="xalan://uk.ac.sdss.xalan.md.TextUtils"> + + + + + + + + + + + + + Entity: + + [ + + ] + + + KeyName: + + + + + + (none) + + + + -----BEGIN CERTIFICATE----- + + + -----END CERTIFICATE----- + + + + + + + diff --git a/build/extract_locs.xsl b/build/extract_locs.xsl index 1de4ddb0..468b75e2 100644 --- a/build/extract_locs.xsl +++ b/build/extract_locs.xsl @@ -1,45 +1,45 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/extract_nk_cert_locs.xsl b/build/extract_nk_cert_locs.xsl index 8bd8cd03..08b25ce2 100644 --- a/build/extract_nk_cert_locs.xsl +++ b/build/extract_nk_cert_locs.xsl @@ -1,54 +1,54 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md"> + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/extract_nk_nocert_locs.xsl b/build/extract_nk_nocert_locs.xsl index 8c502036..1a9afcc5 100644 --- a/build/extract_nk_nocert_locs.xsl +++ b/build/extract_nk_nocert_locs.xsl 
@@ -1,56 +1,56 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/build/extract_nocert_locs.xsl b/build/extract_nocert_locs.xsl index 0ca45f9a..054d09bf 100644 --- a/build/extract_nocert_locs.xsl +++ b/build/extract_nocert_locs.xsl @@ -1,41 +1,41 @@ - - - - - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md ds"> + + + + + + + + + + + + + + + + + + + + + + diff --git a/charting/just_ours.xsl b/charting/just_ours.xsl index 5c7323c0..3324d60f 100644 --- a/charting/just_ours.xsl +++ b/charting/just_ours.xsl @@ -1,44 +1,44 @@ - - - - - - - - - - - - - - - - - - - - + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + + + + + + + + + + + + + + + + + + + + diff --git a/charting/saml2.xsl b/charting/saml2.xsl index 7e916c3f..04dd4455 100644 --- a/charting/saml2.xsl +++ b/charting/saml2.xsl @@ -1,52 +1,52 @@ - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + exclude-result-prefixes="md mdrpi"> + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/charting/scopes.xsl b/charting/scopes.xsl index b53d2ccc..76e808c2 100644 --- a/charting/scopes.xsl +++ b/charting/scopes.xsl 
@@ -1,46 +1,46 @@ - - - - - - - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + + + + + + + + + + + + + + + + + + + + + diff --git a/charting/statistics_mdui.xsl b/charting/statistics_mdui.xsl index 1faf2ae3..15c37bf5 100644 --- a/charting/statistics_mdui.xsl +++ b/charting/statistics_mdui.xsl @@ -27,7 +27,7 @@ + [descendant::mdrpi:RegistrationInfo/@registrationAuthority='http://ukfederation.org.uk']"/> diff --git a/mdx/_rules/check_adfs.xsl b/mdx/_rules/check_adfs.xsl index e4edee1f..0381d285 100644 --- a/mdx/_rules/check_adfs.xsl +++ b/mdx/_rules/check_adfs.xsl @@ -1,77 +1,77 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - ADFS IdP role lacks SSO service with appropriate Binding - - + + + + ADFS IdP role lacks SSO service with appropriate Binding + + - - - - ADFS SP role lacks SSO service with appropriate Binding - - + + + + ADFS SP role lacks SSO service with appropriate Binding + + - - - - ADFS SingleSignOnService requires appropriate protocolSupportEnumeration - - + + + + ADFS SingleSignOnService requires appropriate protocolSupportEnumeration + + - - - ADFS AssertionConsumerService requires appropriate protocolSupportEnumeration - - + + + ADFS AssertionConsumerService requires appropriate protocolSupportEnumeration + + - - - ADFS SingleLogoutService requires appropriate protocolSupportEnumeration - - + + + ADFS SingleLogoutService requires appropriate protocolSupportEnumeration + + diff --git a/mdx/_rules/check_aggregate.xsl b/mdx/_rules/check_aggregate.xsl index 031c18aa..44337a70 100644 --- a/mdx/_rules/check_aggregate.xsl 
+++ b/mdx/_rules/check_aggregate.xsl @@ -1,45 +1,45 @@ - - - - - - - - - - - - - - - - - - duplicate entityID: - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + + + + + + + + duplicate entityID: + + + + + diff --git a/mdx/_rules/check_algsupport.xsl b/mdx/_rules/check_algsupport.xsl index 0c2481aa..b9a0962d 100644 --- a/mdx/_rules/check_algsupport.xsl +++ b/mdx/_rules/check_algsupport.xsl @@ -1,64 +1,64 @@ + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - EncryptionMethod should not be present on 'signing' KeyDescriptor - - + + + + EncryptionMethod should not be present on 'signing' KeyDescriptor + + - - + + - - - + + + - - - - - alg: - - must only appear within an Extensions element - - - + + + + + alg: + + must only appear within an Extensions element + + + - - + + - - - + + + diff --git a/mdx/_rules/check_bindings.xsl b/mdx/_rules/check_bindings.xsl index 282c8658..b371869d 100644 --- a/mdx/_rules/check_bindings.xsl +++ b/mdx/_rules/check_bindings.xsl 
@@ -1,178 +1,178 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - invalid binding ' - - ' on - - - - + + + + invalid binding ' + + ' on + + + + - - - - - unknown binding ' - - ' on - - - - + + + + + unknown binding ' + + ' on + + + + diff --git a/mdx/_rules/check_entityid_prefix.xsl b/mdx/_rules/check_entityid_prefix.xsl index db29c0a1..bf53c54a 100644 --- a/mdx/_rules/check_entityid_prefix.xsl +++ b/mdx/_rules/check_entityid_prefix.xsl @@ -1,33 +1,33 @@ - - - - - - - - - entity ID does not start with acceptable prefix - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + entity ID does not start with acceptable prefix + + diff --git a/mdx/_rules/check_filtered.xsl b/mdx/_rules/check_filtered.xsl index 3b4b73e1..83c057dd 100644 --- a/mdx/_rules/check_filtered.xsl +++ b/mdx/_rules/check_filtered.xsl 
@@ -1,35 +1,35 @@ - - - - - - - - ds:X509SerialNumber should have been filtered out - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + ds:X509SerialNumber should have been filtered out + + diff --git a/mdx/_rules/check_framework.xsl b/mdx/_rules/check_framework.xsl index d6557058..f4e8d017 100644 --- a/mdx/_rules/check_framework.xsl +++ b/mdx/_rules/check_framework.xsl @@ -1,128 +1,128 @@ - - - - - - - - - - - [ERROR] - - - - - - - - - - - - : - - - - - - - - - - - - [WARN] - - - - - - - - - - - - : - - - - - - - - - - - - [INFO] - - - - - - - - - - - - : - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + + + + + + + + + + [ERROR] + + + + + + + + + + + + : + + + + + + + + + + + + [WARN] + + + + + + + + + + + + : + + + + + + + + + + + + [INFO] + + + + + + + + + + + + : + + + + + + + + + + + + + + + + diff --git a/mdx/_rules/check_future_0.xsl b/mdx/_rules/check_future_0.xsl index 36dcb13e..809f9ee0 100644 --- a/mdx/_rules/check_future_0.xsl +++ b/mdx/_rules/check_future_0.xsl @@ -1,30 +1,30 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_1.xsl b/mdx/_rules/check_future_1.xsl index 020829f6..ed05b114 100644 --- a/mdx/_rules/check_future_1.xsl +++ b/mdx/_rules/check_future_1.xsl @@ -1,30 +1,30 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_2.xsl b/mdx/_rules/check_future_2.xsl index 9e8119f0..ee51f733 100644 
--- a/mdx/_rules/check_future_2.xsl +++ b/mdx/_rules/check_future_2.xsl @@ -1,30 +1,30 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_3.xsl b/mdx/_rules/check_future_3.xsl index cb307b84..a0b99011 100644 --- a/mdx/_rules/check_future_3.xsl +++ b/mdx/_rules/check_future_3.xsl @@ -1,31 +1,31 @@ - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:set="http://exslt.org/sets" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + diff --git a/mdx/_rules/check_future_4.xsl b/mdx/_rules/check_future_4.xsl index 4d3e9c74..8a7084f8 100644 --- a/mdx/_rules/check_future_4.xsl +++ b/mdx/_rules/check_future_4.xsl @@ -1,30 +1,30 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_5.xsl b/mdx/_rules/check_future_5.xsl index 42bff55a..8ebfc25d 100644 --- a/mdx/_rules/check_future_5.xsl +++ b/mdx/_rules/check_future_5.xsl @@ -1,26 +1,26 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_6.xsl b/mdx/_rules/check_future_6.xsl index 376914dc..14726df4 100644 --- a/mdx/_rules/check_future_6.xsl +++ b/mdx/_rules/check_future_6.xsl 
@@ -1,26 +1,26 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_7.xsl b/mdx/_rules/check_future_7.xsl index ea671d33..5dbd9a92 100644 --- a/mdx/_rules/check_future_7.xsl +++ b/mdx/_rules/check_future_7.xsl @@ -1,27 +1,27 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_8.xsl b/mdx/_rules/check_future_8.xsl index f80a9a9b..c763514f 100644 --- a/mdx/_rules/check_future_8.xsl +++ b/mdx/_rules/check_future_8.xsl @@ -1,27 +1,27 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_future_9.xsl b/mdx/_rules/check_future_9.xsl index 8d41c815..54911d3d 100644 --- a/mdx/_rules/check_future_9.xsl +++ b/mdx/_rules/check_future_9.xsl 
@@ -1,27 +1,27 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + diff --git a/mdx/_rules/check_hasreginfo.xsl b/mdx/_rules/check_hasreginfo.xsl index e312f5be..e2cb6801 100644 --- a/mdx/_rules/check_hasreginfo.xsl +++ b/mdx/_rules/check_hasreginfo.xsl @@ -1,27 +1,27 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - entity does not have an mdrpi:RegistrationInfo element - - + + + entity does not have an mdrpi:RegistrationInfo element + + diff --git a/mdx/_rules/check_hoksso.xsl b/mdx/_rules/check_hoksso.xsl index 28505a92..d3e50bc1 100644 --- a/mdx/_rules/check_hoksso.xsl +++ b/mdx/_rules/check_hoksso.xsl 
@@ -1,160 +1,160 @@ - - - - - - - - - - unknown element hoksso: - - - - - - - - - unknown attribute hoksso: - - - - - - - - - - hoksso:ProtocolBinding may not appear on - - - - - - - - - - hoksso:ProtocolBinding requires @Binding of - urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser - , saw - - - - - - - - - - - holder of key SSO @Binding on - - also requires hoksso:ProtocolBinding - - - - - - - - holder of key SSO requires appropriate hoksso:ProtocolBinding - - , saw - - - - - - - - - - holder of key SSO requires appropriate hoksso:ProtocolBinding - - , saw - - - - - - - + + + + + + + + unknown element hoksso: + + + + + + + + + unknown attribute hoksso: + + + + + + + + + + hoksso:ProtocolBinding may not appear on + + + + + + + + + + hoksso:ProtocolBinding requires @Binding of + urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser + , saw + + + + + + + + + + + holder of key SSO @Binding on + + also requires hoksso:ProtocolBinding + + + + + + + + holder of key SSO requires appropriate hoksso:ProtocolBinding + + , saw + + + + + + + + + + holder of key SSO requires appropriate hoksso:ProtocolBinding + + , saw + + + + + + + - - - - holder of key binding requires SAML 2.0 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration - - - - - - - - holder of key binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration - - - + + + + holder of key binding requires SAML 2.0 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration + + + + + + + + holder of key binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration + + + diff --git a/mdx/_rules/check_idp_tls.xsl b/mdx/_rules/check_idp_tls.xsl index ef39c042..b06074b4 100644 --- a/mdx/_rules/check_idp_tls.xsl +++ b/mdx/_rules/check_idp_tls.xsl 
@@ -1,46 +1,46 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - + Location does not start with https:// - - - ResponseLocation does not start with https:// - - - - - Location does not start with https:// - - - - - ResponseLocation does not start with https:// - - + + + ResponseLocation does not start with https:// + + + + + Location does not start with https:// + + + + + ResponseLocation does not start with https:// + + diff --git a/mdx/_rules/check_idpdisc.xsl b/mdx/_rules/check_idpdisc.xsl index f7b18305..0b4766a7 100644 --- a/mdx/_rules/check_idpdisc.xsl +++ b/mdx/_rules/check_idpdisc.xsl @@ -1,65 +1,65 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:set="http://exslt.org/sets" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - + - - - - - - DiscoveryResponse index values not all different - - - - - + + + + + + DiscoveryResponse index values not all different + + + + + - + - - - missing index attribute on DiscoveryResponse - - + + + missing index attribute on DiscoveryResponse + + - - - missing Binding attribute on DiscoveryResponse - - + + + missing Binding attribute on DiscoveryResponse + + - - - incorrect Binding value on DiscoveryResponse - - + + + incorrect Binding value on DiscoveryResponse + + diff --git a/mdx/_rules/check_imported.xsl b/mdx/_rules/check_imported.xsl index de5f97dc..b3064734 100644 --- a/mdx/_rules/check_imported.xsl +++ b/mdx/_rules/check_imported.xsl 
@@ -1,42 +1,42 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:dyn="http://exslt.org/dynamic" + xmlns:set="http://exslt.org/sets" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - - - this IdP does not have any Scope elements - - - + + + + + + this IdP does not have any Scope elements + + + diff --git a/mdx/_rules/check_incmd.xsl b/mdx/_rules/check_incmd.xsl index 727dd71f..2af81047 100644 --- a/mdx/_rules/check_incmd.xsl +++ b/mdx/_rules/check_incmd.xsl @@ -1,97 +1,97 @@ - - - - - - - - - incmd:contactType should only appear on md:ContactPerson - - - - - - - incmd:contactType requires contactType='other', found ' - - ' - - - - - - - incmd:contactType must be an absolute URI - - - - - - - - unknown value ' - - ' for incmd:contactType - - - - - - - - - - - - - - unknown element incmd: - - - - - - - - - unknown attribute incmd: - - - - + xmlns:incmd="http://id.incommon.org/metadata" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + incmd:contactType should only appear on md:ContactPerson + + + + + + + incmd:contactType requires contactType='other', found ' + + ' + + + + + + + incmd:contactType must be an absolute URI + + + + + + + + unknown value ' + + ' for incmd:contactType + + + + + + + + + + + + + + unknown element incmd: + + + + + + + + + unknown attribute incmd: + + + + diff --git a/mdx/_rules/check_init.xsl b/mdx/_rules/check_init.xsl index 6000a50e..c7349ddd 100644 --- a/mdx/_rules/check_init.xsl +++ b/mdx/_rules/check_init.xsl 
@@ -1,42 +1,42 @@ - - - - - - - - - missing Binding attribute on RequestInitiator - - - - - - incorrect Binding value on RequestInitiator - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + missing Binding attribute on RequestInitiator + + + + + + incorrect Binding value on RequestInitiator + + diff --git a/mdx/_rules/check_mdattr.xsl b/mdx/_rules/check_mdattr.xsl index 4a845f6a..3b0e6ad3 100644 --- a/mdx/_rules/check_mdattr.xsl +++ b/mdx/_rules/check_mdattr.xsl @@ -1,70 +1,70 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - EntityAttributes must only appear within an Extensions element - - - - - EntityAttributes must only appear within Extensions of EntityDescriptor or EntitiesDescriptor - - + The specification only defines the meaning of EntityAttributes within the Extensions of either + EntitiesDescriptor or EntityDescriptor. + --> + + + EntityAttributes must only appear within an Extensions element + + + + + EntityAttributes must only appear within Extensions of EntityDescriptor or EntitiesDescriptor + + - - - - Assertion may not appear in the EntityAttributes for an EntitiesDescriptor - - + Assertions not permitted in the context of an EntitiesDescriptor. + --> + + + Assertion may not appear in the EntityAttributes for an EntitiesDescriptor + + - - - - more than one EntityAttributes element in an Extensions element - - + EntityAttributes MUST NOT appear more than once within a given element. + --> + + + more than one EntityAttributes element in an Extensions element + + diff --git a/mdx/_rules/check_mdiop.xsl b/mdx/_rules/check_mdiop.xsl index 503e76d6..ee0ec366 100644 --- a/mdx/_rules/check_mdiop.xsl 
+++ b/mdx/_rules/check_mdiop.xsl @@ -1,46 +1,46 @@ - - - - - - - - KeyDescriptor does not contain a key representation - - - - - - - KeyDescriptor contains more than one X509Certificate - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + KeyDescriptor does not contain a key representation + + + + + + + KeyDescriptor contains more than one X509Certificate + + diff --git a/mdx/_rules/check_mdrpi.xsl b/mdx/_rules/check_mdrpi.xsl index 19253239..0530f57a 100644 --- a/mdx/_rules/check_mdrpi.xsl +++ b/mdx/_rules/check_mdrpi.xsl 
@@ -1,175 +1,175 @@ - - - - - - - - RegistrationInfo must only appear within an Extensions element - - - - - RegistrationInfo must only appear within Extensions of EntityDescriptor or EntitiesDescriptor - - - - - - - more than one RegistrationInfo element in one Extensions element - - - - - - - RegistrationInfo may not appear on both EntitiesDescriptor and child elements - - - - - - - - registrationInstant does not end with 'Z': - - - - - - - - - - - - - - - - - - - - - - - - non-unique lang values on - - elements - - - - - - + + + + + + RegistrationInfo must only appear within an Extensions element + + + + + RegistrationInfo must only appear within Extensions of EntityDescriptor or EntitiesDescriptor + + + + + + + more than one RegistrationInfo element in one Extensions element + + + + + + + RegistrationInfo may not appear on both EntitiesDescriptor and child elements + + + + + + + + registrationInstant does not end with 'Z': + + + + + + + + + + + + + + + + + + + + + + + + non-unique lang values on + + elements + + + + + + - - - PublicationInfo must only appear within an Extensions element - - - - - PublicationInfo must only appear within Extensions of EntityDescriptor or EntitiesDescriptor - - - - - - - PublicationInfo must be within document element's Extensions - - - - + + + PublicationInfo must be within document element's Extensions + + + + - - - more than one PublicationInfo element in one Extensions element - - + + + more than one PublicationInfo element in one Extensions element + + - - - - - misspelled or misplaced mdrpi element within md:Extensions: - - - - + + + + misspelled or misplaced mdrpi element within md:Extensions: + + + + diff --git a/mdx/_rules/check_mdui.xsl b/mdx/_rules/check_mdui.xsl index 05fca711..547a524e 100644 --- a/mdx/_rules/check_mdui.xsl +++ b/mdx/_rules/check_mdui.xsl 
@@ -1,141 +1,141 @@ - - - - - - - - more than one UIInfo element in one Extensions element - - - - - - - - misspelled or misplaced mdui element within md:Extensions: - - - - - - - - - UIInfo appearing outside Extensions element - - - - - - UIInfo appearing outside SSO descriptor element ( - - ) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - non-unique lang values on - - elements - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:mdxURL="xalan://uk.ac.sdss.xalan.md.URLchecker" + xmlns:set="http://exslt.org/sets" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + more than one UIInfo element in one Extensions element + + + + + + + + misspelled or misplaced mdui element within md:Extensions: + + + + + + + + + UIInfo appearing outside Extensions element + + + + + + UIInfo appearing outside SSO descriptor element ( + + ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + non-unique lang values on + + elements + + + + + + + + - - - - mdui:Logo URL does not start with https:// - - - + https://tools.oasis-open.org/issues/browse/SECURITY-24 + --> + + + + mdui:Logo URL does not start with https:// + + + - - - - mdui: - - ' - - ' is not a valid URL: - - - - - - + + + + mdui: + + ' + + ' is not a valid URL: + + + + + + - - - - mdui: - - ' - - ' is not a valid URL: - - - - - - - - - DiscoHints appearing outside Extensions element - - - - - - DiscoHints appearing outside IDPSSODescriptor element ( - - ) - - - - - - - - more than one DiscoHints element in one Extensions element - - - - - - - GeolocationHint must be RFC5870 URI starting with 'geo:' - - + + + + mdui: + + ' + + ' is not a valid URL: + + + + + + + + + DiscoHints appearing outside Extensions element + + + + + + 
DiscoHints appearing outside IDPSSODescriptor element ( + + ) + + + + + + + + more than one DiscoHints element in one Extensions element + + + + + + + GeolocationHint must be RFC5870 URI starting with 'geo:' + + diff --git a/mdx/_rules/check_misc.xsl b/mdx/_rules/check_misc.xsl index d95af024..4288d858 100644 --- a/mdx/_rules/check_misc.xsl +++ b/mdx/_rules/check_misc.xsl @@ -1,106 +1,106 @@ - - - - - - - - - entity ID contains space character - - - - - - - - OrganizationDisplayName contains line break - - - - - - - - Location contains space character - - - - - + + + + + + + entity ID contains space character + + + + + + + + OrganizationDisplayName contains line break + + + + + + + + Location contains space character + + + + + - - - ResponseLocation contains space character - - - - - - - - Binding contains space character - - - - - - - - empty xml:lang attribute - - - - - - - - bare 'ac.uk' scope not permitted - - + + + ResponseLocation contains space character + + + + + + + + Binding contains space character + + + + + + + + empty xml:lang attribute + + + + + + + + bare 'ac.uk' scope not permitted + + diff --git a/mdx/_rules/check_namespaces.xsl b/mdx/_rules/check_namespaces.xsl index c4c83a1e..fffd0369 100644 --- a/mdx/_rules/check_namespaces.xsl +++ b/mdx/_rules/check_namespaces.xsl 
@@ -1,107 +1,107 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unknown namespace: - - on element - - - - + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:hoksso="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Unknown namespace: + + on element + + + + diff --git a/mdx/_rules/check_rands_member.xsl b/mdx/_rules/check_rands_member.xsl index 5ae4531f..0d98138a 100644 --- a/mdx/_rules/check_rands_member.xsl +++ b/mdx/_rules/check_rands_member.xsl 
@@ -1,86 +1,86 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - - - REFEDS R+S only applies to service provider entities - - - + + + + + + REFEDS R+S only applies to service provider entities + + + - - - REFEDS R+S requires SAML 2.0 POST support - - - + + + REFEDS R+S requires SAML 2.0 POST support + + + - - - REFEDS R+S requires mdui:DisplayName - - - - - REFEDS R+S requires mdui:InformationURL - - - + + + REFEDS R+S requires mdui:DisplayName + + + + + REFEDS R+S requires mdui:InformationURL + + + - - - REFEDS R+S requires one or more technical contacts - - - - + The Service Provider provides one or more technical contacts in metadata. + --> + + + REFEDS R+S requires one or more technical contacts + + + + diff --git a/mdx/_rules/check_rands_support.xsl b/mdx/_rules/check_rands_support.xsl index 71c1ff6a..c767b394 100644 --- a/mdx/_rules/check_rands_support.xsl +++ b/mdx/_rules/check_rands_support.xsl @@ -1,49 +1,49 @@ - - - - - + + + - - - - - - REFEDS R+S support only applies to identity provider entities - - - - + + + REFEDS R+S support only applies to identity provider entities + + + + diff --git a/mdx/_rules/check_regauth.xsl b/mdx/_rules/check_regauth.xsl index bf4328a0..617514ca 100644 --- a/mdx/_rules/check_regauth.xsl +++ b/mdx/_rules/check_regauth.xsl @@ -1,42 +1,42 @@ - - - - - + + + - (value not set) - - - - - - unexpected registration authority ' - - '; expected ' - - ' for this channel - - - - + (value not set) + + + + + + unexpected registration authority ' + + '; expected ' + + ' for this channel + + + + diff --git a/mdx/_rules/check_reqattr.xsl b/mdx/_rules/check_reqattr.xsl index 1952aa34..455d35e8 100644 --- a/mdx/_rules/check_reqattr.xsl 
+++ b/mdx/_rules/check_reqattr.xsl 
@@ -1,507 +1,507 @@ - - - - - - - - - - RequestedAttribute - - lacks NameFormat attribute - (implicitly 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified') - - - - - - - - - - RequestedAttribute uses NameFormat of - - : unsuitable for cross-domain use - - ( - - ) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RequestedAttribute - - ( - - ) - - uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat - - - - - - - - - - - - - - RequestedAttribute - - ( - - ) - - uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat - - - - - - - - - - - - - - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat - - ( - - ) - - - - - - + + + + + + + + RequestedAttribute + + lacks NameFormat attribute + (implicitly 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified') + + + + + + + + + + RequestedAttribute uses NameFormat of + + : unsuitable for cross-domain use + + ( + + ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + RequestedAttribute + + ( + + ) + + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + + + + + + + + + + + + + + RequestedAttribute + + ( + + ) + + uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + + + + + + + + + + + + + + RequestedAttribute uses OID name + + with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat + + ( + + ) + + + + + + - - - - - + + + - - - - RequestedAttribute uses OID name - - with SAML 1.x NameFormat: should use urn:mace name or SAML 2.0 NameFormat - - ( - - ) - - - - - - - - - - - - - - - RequestedAttribute uses unknown name - - with SAML 1.x NameFormat - - ( - - ) - - - - - - - - - - - - - - - - - - RequestedAttribute uses legacy MACEAttr name - - with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat - - ( - - ) - - - - - - - - - - RequestedAttribute uses 
legacy SWITCHaai name - - with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat - - ( - - ) - - - - - - + + + + + + + + + RequestedAttribute uses unknown name + + with SAML 1.x NameFormat + + ( + + ) + + + + + + + + + + + + + + + + + + RequestedAttribute uses legacy MACEAttr name + + with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat + + ( + + ) + + + + + + + + + + RequestedAttribute uses legacy SWITCHaai name + + with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat + + ( + + ) + + + + + + - - - - RequestedAttribute uses legacy format name - - with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat - - ( - - ) - - - - - - - - - - RequestedAttribute uses legacy format name - - with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat - - ( - - ) - - - - - - - - - - - - - - - - RequestedAttribute uses unknown name - - with SAML 2.0 NameFormat - - ( - - ) - - - - - - - + + + + RequestedAttribute uses legacy format name + + with SAML 2.0 NameFormat: should use urn:oid name or SAML 1.x NameFormat + + ( + + ) + + + + + + + + + + + + + + + + RequestedAttribute uses unknown name + + with SAML 2.0 NameFormat + + ( + + ) + + + + + + + diff --git a/mdx/_rules/check_saml1.xsl b/mdx/_rules/check_saml1.xsl index e5bc1caa..33325ed0 100644 --- a/mdx/_rules/check_saml1.xsl +++ b/mdx/_rules/check_saml1.xsl 
@@ -1,83 +1,83 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - no POST support on SAML 1.1 SP - - + + + + no POST support on SAML 1.1 SP + + - - - - SAML 1.1 AttributeAuthority missing appropriately bound AttributeService - - + + + SAML 1.1 AttributeAuthority missing appropriately bound AttributeService + + - - - - - SAML 1.0 binding requires SAML 1.1 token in IDPSSODescriptor/@protocolSupportEnumeration - - - + + + + SAML 1.0 binding requires SAML 1.1 token in IDPSSODescriptor/@protocolSupportEnumeration + + + - - - - - SAML 1.0 binding requires SAML 1.1 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration - - - + + + + SAML 1.0 binding requires SAML 1.1 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration + + + - - - - - SAML 1.0 binding requires SAML 1.1 token in SPSSODescriptor/@protocolSupportEnumeration - - - + + + + SAML 1.0 binding requires SAML 1.1 token in SPSSODescriptor/@protocolSupportEnumeration + + + diff --git a/mdx/_rules/check_saml2.xsl b/mdx/_rules/check_saml2.xsl index 3c5a5e26..0f1fed85 100644 --- a/mdx/_rules/check_saml2.xsl +++ b/mdx/_rules/check_saml2.xsl 
@@ -1,110 +1,110 @@ - - - - - - - - - more than one SingleSignOnService with SAML 2.0 HTTP-POST binding - - - - - - more than one SingleSignOnService with SAML 2.0 HTTP-POST-SimpleSign binding - - - - - - more than one SingleSignOnService with SAML 2.0 HTTP-Redirect binding - - - - + + + + + + + more than one SingleSignOnService with SAML 2.0 HTTP-POST binding + + + + + + more than one SingleSignOnService with SAML 2.0 HTTP-POST-SimpleSign binding + + + + + + more than one SingleSignOnService with SAML 2.0 HTTP-Redirect binding + + + + - - - SAML 2.0 AttributeAuthority missing appropriately bound AttributeService - - + + + SAML 2.0 AttributeAuthority missing appropriately bound AttributeService + + - - - - SAML 2.0 SP has no encryption key - - - - - - - - SAML 2.0 binding requires SAML 2.0 token in IDPSSODescriptor/@protocolSupportEnumeration - - - - - - - - - SAML 2.0 binding requires SAML 2.0 token in AttributeAuthorityDescriptor/@protocolSupportEnumeration - - - - - - - - - SAML 2.0 binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration - - - + + + + SAML 2.0 binding requires SAML 2.0 token in SPSSODescriptor/@protocolSupportEnumeration + + + diff --git a/mdx/_rules/check_saml2int.xsl b/mdx/_rules/check_saml2int.xsl index f8c930e0..42f30770 100644 --- a/mdx/_rules/check_saml2int.xsl +++ b/mdx/_rules/check_saml2int.xsl 
@@ -1,67 +1,67 @@ - - - - - - - - - SP excludes both SAML 2 name identifier formats - - - - - - - SAML 2.0 IDPSSODescriptor excludes SAML 2 transient name identifier format - - - - - SAML 2.0 AttributeAuthorityDescriptor excludes SAML 2 transient name identifier format - - - - + + + + + + + SP excludes both SAML 2 name identifier formats + + + + + + + SAML 2.0 IDPSSODescriptor excludes SAML 2 transient name identifier format + + + + + SAML 2.0 AttributeAuthorityDescriptor excludes SAML 2 transient name identifier format + + + + - - - SAML 2.0 IDPSSODescriptor does not support HTTP-Redirect SSO binding - - - - - - - - Attribute - - lacks NameFormat attribute - - - - - - - Attribute - - has incorrect NameFormat - - - - - - - - - no HTTP-POST support on SAML 2.0 SP - - - - - - - SAML 2.0 IdP has no embedded signing key - - - - - SAML 2.0 AttributeAuthority has no embedded signing key - - + + + SAML 2.0 IDPSSODescriptor does not support HTTP-Redirect SSO binding + + + + + + + + Attribute + + lacks NameFormat attribute + + + + + + + Attribute + + has incorrect NameFormat + + + + + + + + + no HTTP-POST support on SAML 2.0 SP + + + + + + + SAML 2.0 IdP has no embedded signing key + + + + + SAML 2.0 AttributeAuthority has no embedded signing key + + diff --git a/mdx/_rules/check_saml2meta.xsl b/mdx/_rules/check_saml2meta.xsl index 45cbcaa0..877d5306 100644 --- a/mdx/_rules/check_saml2meta.xsl +++ b/mdx/_rules/check_saml2meta.xsl @@ -1,34 +1,57 @@ + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdxURL="xalan://uk.ac.sdss.xalan.md.URLchecker" + xmlns:set="http://exslt.org/sets" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + - - + + + + + + + + ArtifactResolutionService index values not all different + + - + + + + + AssertionConsumerService index values not all different + + - + + + + 
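Review bot: The two hunks for mdx/_rules/check_saml2meta.xsl are not line-for-line (`-1,34 +1,57`, then `-37,77 +60,54`), unlike the other rule files in this patch. The "ArtifactResolutionService index values not all different" and "AssertionConsumerService index values not all different" checks appear as added in the first hunk and as removed, in the opposite order, in the second. That suggests these templates were moved as well as re-indented, which goes beyond the tab-to-space conversion the commit message describes; the element markup is not visible here, so this is inferred from the hunk counts and message order. I would put the move in its own commit so that `git diff -w` on this one is empty for this file, and confirm that the new order does not change which template applies where two rules match the same node.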
@@ -37,77 +60,54 @@ - - - - - AssertionConsumerService index values not all different - - - - - - - - - - - - - ArtifactResolutionService index values not all different - - - - - - - - - - - - - - Location is not a valid URL: - - - - - - - + + + + + + + + + + Location is not a valid URL: + + + + + + + - - - - - ResponseLocation is not a valid URL: - - - - - - - - - - - OrganizationURL ' - - ' is not a valid URL: - - - - + + + + + ResponseLocation is not a valid URL: + + + + + + + + + + + OrganizationURL ' + + ' is not a valid URL: + + + + diff --git a/mdx/_rules/check_shib_noregscope.xsl b/mdx/_rules/check_shib_noregscope.xsl index 32470d4d..e516425f 100644 --- a/mdx/_rules/check_shib_noregscope.xsl +++ b/mdx/_rules/check_shib_noregscope.xsl @@ -1,7 +1,7 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - Scope lacks @regexp - - + + + Scope lacks @regexp + + diff --git a/mdx/_rules/check_shib_regscope.xsl b/mdx/_rules/check_shib_regscope.xsl index bffd7332..7f522e92 100644 --- a/mdx/_rules/check_shib_regscope.xsl +++ b/mdx/_rules/check_shib_regscope.xsl @@ -1,31 +1,31 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - regular expression in scope ' - - ' - - - + + + + regular expression in scope ' + + ' + + + diff --git a/mdx/_rules/check_shibboleth.xsl b/mdx/_rules/check_shibboleth.xsl index 591e32b3..12e87c7a 100644 --- a/mdx/_rules/check_shibboleth.xsl +++ b/mdx/_rules/check_shibboleth.xsl 
@@ -1,188 +1,188 @@ - - - - - - - - - OrganizationURL '' does not start with acceptable prefix - - - - - - - - Shibboleth 1.x auth request needs urn:oasis:names:tc:SAML:1.1:protocol in IDPSSODescriptor/@protocolSupportEnumeration - - - - - - Shibboleth 1.x auth request needs urn:mace:shibboleth:1.0 in IDPSSODescriptor/@protocolSupportEnumeration - - - - - - - - Shibboleth 1.x support claimed but no appropriate SSO service binding - - - - - - - - more than one SingleSignOnService with Shibboleth binding - - - - - - - - SAML 1.1 SP excludes Shibboleth transient name identifier format - - - - - - - - ds:KeyInfo child element not in ds namespace - - - - - - - - SIDPO-34: Attribute lacking NameFormat in IDPSSODescriptor - - - - - - - Scope value contains space character - - - - - - - - Scope value contains line break - - - - - - - - X509Certificate contains XML comment - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + OrganizationURL '' does not start with acceptable prefix + + + + + + + + Shibboleth 1.x auth request needs urn:oasis:names:tc:SAML:1.1:protocol in IDPSSODescriptor/@protocolSupportEnumeration + + + + + + Shibboleth 1.x auth request needs urn:mace:shibboleth:1.0 in IDPSSODescriptor/@protocolSupportEnumeration + + + + + + + + Shibboleth 1.x support claimed but no appropriate SSO service binding + + + + + + + + more than one SingleSignOnService with Shibboleth binding + + + + + + + + SAML 1.1 SP excludes Shibboleth transient name identifier format + + + + + + + + ds:KeyInfo child element not in ds namespace + + + + + + + + SIDPO-34: Attribute lacking NameFormat in IDPSSODescriptor + + + + + + + Scope value contains space character + + + 
+ + + + + Scope value contains line break + + + + + + + + X509Certificate contains XML comment + + diff --git a/mdx/_rules/check_sirtfi.xsl b/mdx/_rules/check_sirtfi.xsl index 0174c455..48f0e6af 100644 --- a/mdx/_rules/check_sirtfi.xsl +++ b/mdx/_rules/check_sirtfi.xsl @@ -1,73 +1,73 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - + + - - + + - - - - SIRTFI requires a REFEDS security contact - - + + + + SIRTFI requires a REFEDS security contact + + - - - - - SIRTFI requires a REFEDS security contact with a GivenName - - - - - SIRTFI requires a REFEDS security contact with an EmailAddress - - - - + + + + + SIRTFI requires a REFEDS security contact with a GivenName + + + + + SIRTFI requires a REFEDS security contact with an EmailAddress + + + + diff --git a/mdx/_rules/check_sp_tls.xsl b/mdx/_rules/check_sp_tls.xsl index fe78eccb..3432cd06 100644 --- a/mdx/_rules/check_sp_tls.xsl +++ b/mdx/_rules/check_sp_tls.xsl @@ -1,36 +1,36 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - + Location does not start with https:// - - - ResponseLocation does not start with https:// - - + + + ResponseLocation does not start with https:// + + diff --git a/mdx/_rules/check_uk_algorithms.xsl b/mdx/_rules/check_uk_algorithms.xsl index 197da8c8..0a4c024f 100644 --- a/mdx/_rules/check_uk_algorithms.xsl +++ b/mdx/_rules/check_uk_algorithms.xsl 
@@ -1,32 +1,32 @@ - - - - - + + + - - - - - insecure algorithm in SigningMethod: ' - - ' - - - - - - - - - - + + + - - - - unknown algorithm in SigningMethod: ' - - ' - - - - - - - - - - insecure algorithm in DigestMethod: ' - - ' - - - - - - - - - - + + + - - - - unknown algorithm in DigestMethod: ' - - ' - - - - - + --> - + + + + insecure algorithm in EncryptionMethod: ' + + ' + + + + + + + + + + - - - - insecure algorithm in EncryptionMethod: ' - - ' - - - - - - - - - - - - - - unknown algorithm in EncryptionMethod: ' - - ' - - - + + + + unknown algorithm in EncryptionMethod: ' + + ' + + + diff --git a/mdx/_rules/check_uk_trust.xsl b/mdx/_rules/check_uk_trust.xsl index 041da61b..00a1bee9 100644 --- a/mdx/_rules/check_uk_trust.xsl +++ b/mdx/_rules/check_uk_trust.xsl 
@@ -11,108 +11,108 @@ --> + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + - + Each , and + role descriptor appearing in metadata published by the UK federation SHALL + contain at least one element. + --> - - - IdP SSO Descriptor lacking KeyDescriptor - - + + + IdP SSO Descriptor lacking KeyDescriptor + + - - - SP SSO Descriptor lacking KeyDescriptor - - + + + SP SSO Descriptor lacking KeyDescriptor + + - - - IdP AA Descriptor lacking KeyDescriptor - - + + + IdP AA Descriptor lacking KeyDescriptor + + - - - - SAML 2.0 IdP has KeyDescriptor without embedded key - - - - - - SAML 2.0 AttributeAuthority has KeyDescriptor without embedded key - - - - - - SAML 2.0 SP has KeyDescriptor without embedded key - - - - - - SAML 1.1 IdP has KeyDescriptor without embedded key - - - - - - SAML 1.1 AttributeAuthority has KeyDescriptor without embedded key - - - - - - SAML 1.1 SP has KeyDescriptor without embedded key - - - - - - - entity has legacy KeyName element - - + In roles which indicate support through their protocolSupportEnumeration values for + SAML 2.0 or SAML 1.1 profiles, each MUST support the direct key + verification scheme as described in section 2.1.1. + --> + + + SAML 2.0 IdP has KeyDescriptor without embedded key + + + + + + SAML 2.0 AttributeAuthority has KeyDescriptor without embedded key + + + + + + SAML 2.0 SP has KeyDescriptor without embedded key + + + + + + SAML 1.1 IdP has KeyDescriptor without embedded key + + + + + + SAML 1.1 AttributeAuthority has KeyDescriptor without embedded key + + + + + + SAML 1.1 SP has KeyDescriptor without embedded key + + + + + + + entity has legacy KeyName element + + diff --git a/mdx/_rules/check_vhosts.xsl b/mdx/_rules/check_vhosts.xsl index a938a1dc..230f88c3 100644 --- a/mdx/_rules/check_vhosts.xsl +++ b/mdx/_rules/check_vhosts.xsl 
@@ -1,58 +1,58 @@ - - - - - - - - - - substring-before(substring-after(concat(., '/'), 'https://'), '/') - - - - - - - - - - - - - - - - at least one SOAP location on same vhost as an SSO location - - - + xmlns:dyn="http://exslt.org/dynamic" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:set="http://exslt.org/sets" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + substring-before(substring-after(concat(., '/'), 'https://'), '/') + + + + + + + + + + + + + + + + at least one SOAP location on same vhost as an SSO location + + + diff --git a/mdx/_rules/mdui_dn_en_match.xsl b/mdx/_rules/mdui_dn_en_match.xsl index f4b993dc..7ecb8015 100644 --- a/mdx/_rules/mdui_dn_en_match.xsl +++ b/mdx/_rules/mdui_dn_en_match.xsl @@ -1,41 +1,41 @@ - - - - - - - - - - - mismatched xml:lang='en' DisplayNames: ' - - ' in mdui vs. ' - - ' in ODN - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + mismatched xml:lang='en' DisplayNames: ' + + ' in mdui vs. ' + + ' in ODN + + + + diff --git a/mdx/_rules/mdui_dn_en_present.xsl b/mdx/_rules/mdui_dn_en_present.xsl index 42c32d2a..e5364e11 100644 --- a/mdx/_rules/mdui_dn_en_present.xsl +++ b/mdx/_rules/mdui_dn_en_present.xsl @@ -1,31 +1,31 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - mdui:UIInfo with no xml:lang='en' DisplayName - - - + + + + mdui:UIInfo with no xml:lang='en' DisplayName + + + diff --git a/mdx/clean-import.xsl b/mdx/clean-import.xsl index 20936824..e7c2211b 100644 --- a/mdx/clean-import.xsl +++ b/mdx/clean-import.xsl 
@@ -1,79 +1,79 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdxTextUtils="xalan://uk.ac.sdss.xalan.md.TextUtils" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + extension-element-prefixes="mdxTextUtils"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/default_regauth.xsl b/mdx/default_regauth.xsl index bec46fc8..6263b601 100644 --- a/mdx/default_regauth.xsl +++ b/mdx/default_regauth.xsl @@ -1,77 +1,77 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - (value not set) + (value not set) - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - - - - + + + + + + + - - - - - - - - - - + + + + + + + + + + - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/identity.xsl b/mdx/identity.xsl index dc2ad8b1..23f2a177 100644 --- a/mdx/identity.xsl +++ b/mdx/identity.xsl @@ -1,30 +1,30 @@ - - - - - - - - - - - - - - + + + + + + + + + + + + + + diff --git a/mdx/int_edugain/check_recovered.xsl b/mdx/int_edugain/check_recovered.xsl index 4175fa21..2781d372 100644 --- a/mdx/int_edugain/check_recovered.xsl +++ b/mdx/int_edugain/check_recovered.xsl 
@@ -1,26 +1,26 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - entity has recovered from a previous error condition - - + + + entity has recovered from a previous error condition + + diff --git a/mdx/ns_norm.xsl b/mdx/ns_norm.xsl index bef1f20b..60b4c6ac 100644 --- a/mdx/ns_norm.xsl +++ b/mdx/ns_norm.xsl @@ -1,222 +1,222 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + + exclude-result-prefixes="md" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/MetadataExchange.xsd b/mdx/schema/MetadataExchange.xsd index 6dec545c..06d2a6fd 100644 --- a/mdx/schema/MetadataExchange.xsd 
+++ b/mdx/schema/MetadataExchange.xsd @@ -9,8 +9,8 @@ Permission to copy and display the WS-MetadataExchange Specification granted, provided that you include the following on ALL copies of the Specification that you make: -1. A link or URL to the Specification at this location. -2. The copyright notice as shown in the Specification. +1. A link or URL to the Specification at this location. +2. The copyright notice as shown in the Specification. BEA Systems, Computer Associates, IBM, Microsoft, SAP, Sun, and webMethods (collectively, the "Authors") each agree to grant you a diff --git a/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd index 536d869f..78a73ef8 100644 --- a/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd +++ b/mdx/schema/oasis-200401-wss-wssecurity-secext-1.0.xsd 
@@ -8,188 +8,188 @@ The limited permissions granted above are perpetual and will not be revoked by O This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. --> - - - - - - This type represents an element with arbitrary attributes. - - - - - - - - - - - This type is used for password elements per Section 4.1. - - - - - - - - - - This type is used for elements containing stringified binary data. - - - - - - - - - - This type represents a username token per Section 4.1 - - - - - - - - - - - A security token that is encoded in binary - - - - - - - - - - A security token key identifier - - - - - - - - - - Typedef to allow a list of usages (as URIs). - - - - - - This global attribute is used to indicate the usage of a referenced or indicated token within the containing context - - - - - This type represents a reference to an external security token. - - - - - - - - This type represents a reference to an embedded security token. - - - - - - - - - - This type is used reference a security token. - - - - - - - - - - - This complexType defines header block to use for security-relevant data directed at a specific SOAP actor. - - - - - The use of "any" is to allow extensibility and different forms of security data. - - - - - - - - This complexType defines a container for elements to be specified from any namespace as properties/parameters of a DSIG transformation. - - - - - The use of "any" is to allow extensibility from any namespace. - - - - - - - - This element defines the wsse:UsernameToken element per Section 4.1. - - - - - This element defines the wsse:BinarySecurityToken element per Section 4.2. 
- - - - - This element defines a security token reference - - - - - This element defines a security token embedded reference - - - - - This element defines a key identifier reference - - - - - This element defines the wsse:SecurityTokenReference per Section 4.3. - - - - - This element defines the wsse:Security SOAP header element per Section 4. - - - - - This element contains properties for transformations from any namespace, including DSIG. - - - - - - - - - - - - - - - + + + + + + This type represents an element with arbitrary attributes. + + + + + + + + + + + This type is used for password elements per Section 4.1. + + + + + + + + + + This type is used for elements containing stringified binary data. + + + + + + + + + + This type represents a username token per Section 4.1 + + + + + + + + + + + A security token that is encoded in binary + + + + + + + + + + A security token key identifier + + + + + + + + + + Typedef to allow a list of usages (as URIs). + + + + + + This global attribute is used to indicate the usage of a referenced or indicated token within the containing context + + + + + This type represents a reference to an external security token. + + + + + + + + This type represents a reference to an embedded security token. + + + + + + + + + + This type is used reference a security token. + + + + + + + + + + + This complexType defines header block to use for security-relevant data directed at a specific SOAP actor. + + + + + The use of "any" is to allow extensibility and different forms of security data. + + + + + + + + This complexType defines a container for elements to be specified from any namespace as properties/parameters of a DSIG transformation. + + + + + The use of "any" is to allow extensibility from any namespace. + + + + + + + + This element defines the wsse:UsernameToken element per Section 4.1. + + + + + This element defines the wsse:BinarySecurityToken element per Section 4.2. 
+ + + + + This element defines a security token reference + + + + + This element defines a security token embedded reference + + + + + This element defines a key identifier reference + + + + + This element defines the wsse:SecurityTokenReference per Section 4.3. + + + + + This element defines the wsse:Security SOAP header element per Section 4. + + + + + This element contains properties for transformations from any namespace, including DSIG. + + + + + + + + + + + + + + + diff --git a/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd index 36c61862..f2ed72d8 100644 --- a/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd +++ b/mdx/schema/oasis-200401-wss-wssecurity-utility-1.0.xsd 
@@ -13,96 +13,96 @@ This document and the information contained herein is provided on an “AS IS” xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.1"> - - - - + + + + This type defines the fault code value for Timestamp message expiration. - - - - - - - - - + + + + + + + + + This global attribute supports annotating arbitrary elements with an ID. - - - - - + + + + + Convenience attribute group used to simplify this schema. - - - - - - - - + + + + + + + + This type is for elements whose [children] is a psuedo-dateTime and can have arbitrary attributes. - - - - - - - - - - + + + + + + + + + + This type is for elements whose [children] is an anyURI and can have arbitrary attributes. - - - - - - - - - - - + + + + + + + + + + + This complex type ties together the timestamp related elements into a composite type. - - - - - - - - - - - - - + + + + + + + + + + + + + This element allows Timestamps to be applied anywhere element wildcards are present, including as a SOAP header. - - - - - - + + + + + + This element allows an expiration time to be applied anywhere element wildcards are present. - - - - - + + + + + This element allows a creation time to be applied anywhere element wildcards are present. - - + + diff --git a/mdx/schema/saml-schema-assertion-2.0.xsd b/mdx/schema/saml-schema-assertion-2.0.xsd index 2b2f7b80..a1ef536c 100644 --- a/mdx/schema/saml-schema-assertion-2.0.xsd +++ b/mdx/schema/saml-schema-assertion-2.0.xsd @@ -163,7 +163,7 @@ - + diff --git a/mdx/schema/shibboleth-metadata-1.0.xsd b/mdx/schema/shibboleth-metadata-1.0.xsd index be1441dd..476ba7b8 100644 --- a/mdx/schema/shibboleth-metadata-1.0.xsd +++ b/mdx/schema/shibboleth-metadata-1.0.xsd 
@@ -1,42 +1,42 @@ + xmlns="http://www.w3.org/2001/XMLSchema" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + elementFormDefault="unqualified" + attributeFormDefault="unqualified" + version="1.0"> - + - - - - SAML metadata extension used to regulate allowable attribute scopes. - - - - - - - - - - + + + + SAML metadata extension used to regulate allowable attribute scopes. + + + + + + + + + + - - - - Binds keying authorities to the system entity/entities to which the enclosing - metadata element applies. - - - - - - - - - - + + + + Binds keying authorities to the system entity/entities to which the enclosing + metadata element applies. + + + + + + + + + + diff --git a/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd index 7860d029..11f34de3 100644 --- a/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd +++ b/mdx/schema/sstc-saml-holder-of-key-browser-sso.xsd @@ -14,10 +14,10 @@ Document identifier: sstc-saml-holder-of-key-browser-sso.xsd Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security Revision history: - V1.2 (2 November 2008): - Renamed attribute from protocol to ProtocolBinding; targetNamespace changed in accordance with new conventions - V1.1 (6 August 2008): - string type changed to anyURI to match original SAML2Meta schema + V1.2 (2 November 2008): + Renamed attribute from protocol to ProtocolBinding; targetNamespace changed in accordance with new conventions + V1.1 (6 August 2008): + string type changed to anyURI to match original SAML2Meta schema V1.0 (4 August 2008): Initial version. diff --git a/mdx/schema/ws-addr.xsd b/mdx/schema/ws-addr.xsd index 2926d27d..f6fc9c53 100644 --- a/mdx/schema/ws-addr.xsd +++ b/mdx/schema/ws-addr.xsd 
@@ -17,121 +17,121 @@ --> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/schema/ws-authorization.xsd b/mdx/schema/ws-authorization.xsd index f9648dd9..51dc059e 100644 --- a/mdx/schema/ws-authorization.xsd +++ b/mdx/schema/ws-authorization.xsd @@ -23,9 +23,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + xmlns:tns='http://docs.oasis-open.org/wsfed/authorization/200706' + targetNamespace='http://docs.oasis-open.org/wsfed/authorization/200706' + elementFormDefault='qualified' > @@ -45,8 +45,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - + + @@ -57,16 +57,16 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - + - - + + - - - + + + diff --git a/mdx/schema/ws-federation.xsd b/mdx/schema/ws-federation.xsd index e6a2a322..d7b3dcf5 100644 --- a/mdx/schema/ws-federation.xsd +++ b/mdx/schema/ws-federation.xsd @@ -21,29 +21,29 @@ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. --> + targetNamespace='http://docs.oasis-open.org/wsfed/federation/200706' + elementFormDefault='qualified' > + schemaLocation='oasis-200401-wss-wssecurity-secext-1.0.xsd' /> + schemaLocation='oasis-200401-wss-wssecurity-utility-1.0.xsd' /> + schemaLocation='ws-addr.xsd' /> + schemaLocation='MetadataExchange.xsd' /> + schemaLocation='saml-schema-metadata-2.0.xsd' /> + schemaLocation='ws-securitypolicy-1.2.xsd'/> @@ -53,22 +53,22 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - + + + + - - - - - + + + + + 
@@ -170,15 +170,15 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - + + + + - - + + @@ -202,29 +202,29 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - - + + + + + - - - - - + + + + + - - - - + + + + @@ -269,26 +269,26 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - + - - - - - - - + + + + + + + - - - - + + + + @@ -297,98 +297,98 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - - - + + + + + + - - - - + + + + - - - - + + + + - - - - - - - - + + + + + + + + - - - - + + + + - - - - + + + + - - - - - - + + + + + + - - - - - - - - + + + + + + + + - - - - - + + + + + @@ -404,41 +404,41 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - + + + + - - - - - - - + + + + + + + - - - - - + + + + + - - - - - - + + + + + + @@ -446,10 +446,10 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - - - + + + + diff --git a/mdx/schema/ws-securitypolicy-1.2.xsd b/mdx/schema/ws-securitypolicy-1.2.xsd index 9346a4b3..bda124b8 100644 --- a/mdx/schema/ws-securitypolicy-1.2.xsd +++ b/mdx/schema/ws-securitypolicy-1.2.xsd @@ -21,19 +21,19 @@ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. --> + elementFormDefault="qualified" + blockDefault="#all" > + schemaLocation="ws-addr.xsd" /> + 4. Protection Assertions + --> @@ -95,8 +95,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + 5. Token Assertions + --> @@ -131,9 +131,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + Actual content model is non-deterministic, hence wildcard. The following shows intended content model: + + --> @@ -191,9 +191,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + Actual content model is non-deterministic, hence wildcard. The following shows intended content model: + + --> 
@@ -373,9 +373,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + Actual content model is non-deterministic, hence wildcard. The following shows intended content model: + + --> @@ -446,9 +446,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + Actual content model is non-deterministic, hence wildcard. The following shows intended content model: + + --> @@ -585,9 +585,9 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + Actual content model is non-deterministic, hence wildcard. The following shows intended content model: + + --> @@ -602,8 +602,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + 7. Security Binding Assertions + --> @@ -961,8 +961,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + 8. Supporting Tokens + --> @@ -1068,8 +1068,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + 9. WSS: SOAP Message Security Options + --> @@ -1142,8 +1142,8 @@ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + 10. WS-Trust Options + --> diff --git a/mdx/schema/xenc-schema-11.xsd b/mdx/schema/xenc-schema-11.xsd index 1a8ceb2a..9535d2f7 100644 --- a/mdx/schema/xenc-schema-11.xsd +++ b/mdx/schema/xenc-schema-11.xsd @@ -21,77 +21,77 @@ targetNamespace='http://www.w3.org/2009/xmlenc11#' elementFormDefault='qualified'> - + - + - - - - - - - - - - - + + + + + + + + + + + - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - + + + + + + + - + - - - - + + + + - + - - + + - + - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + diff --git a/mdx/strip-aa-mdui.xsl b/mdx/strip-aa-mdui.xsl index 755cefb7..2368a915 100644 --- a/mdx/strip-aa-mdui.xsl +++ b/mdx/strip-aa-mdui.xsl @@ -1,32 +1,32 @@ + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - + + + + - - - - - - + + + + + + 
diff --git a/mdx/strip-comments.xsl b/mdx/strip-comments.xsl index b1545093..5bbe1fb9 100644 --- a/mdx/strip-comments.xsl +++ b/mdx/strip-comments.xsl @@ -1,28 +1,28 @@ + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/strip-mdui-logo-data.xsl b/mdx/strip-mdui-logo-data.xsl index 7036cbe1..e4923841 100644 --- a/mdx/strip-mdui-logo-data.xsl +++ b/mdx/strip-mdui-logo-data.xsl @@ -1,32 +1,32 @@ + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/strip-mdui-logo-http.xsl b/mdx/strip-mdui-logo-http.xsl index 50702a53..68526030 100644 --- a/mdx/strip-mdui-logo-http.xsl +++ b/mdx/strip-mdui-logo-http.xsl @@ -1,49 +1,49 @@ - - - - - - - - - - - - mdui:Logo from non-TLS location removed: ' - - ' - - - - - - - - - - - - - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + + mdui:Logo from non-TLS location removed: ' + + ' + + + + + + + + + + + + + + + + diff --git a/mdx/uk/check_fixup_encmethod.xsl b/mdx/uk/check_fixup_encmethod.xsl index 59841507..afbe978e 100644 --- a/mdx/uk/check_fixup_encmethod.xsl +++ b/mdx/uk/check_fixup_encmethod.xsl 
@@ -1,36 +1,36 @@ - - - - - - - - - KeyDescriptor contains EncryptionMethod: OpenSAML-C 2.0 problem - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + KeyDescriptor contains EncryptionMethod: OpenSAML-C 2.0 problem + + diff --git a/mdx/uk/check_uk_keydesc_key.xsl b/mdx/uk/check_uk_keydesc_key.xsl index bd9c2db3..a134c95f 100644 --- a/mdx/uk/check_uk_keydesc_key.xsl +++ b/mdx/uk/check_uk_keydesc_key.xsl @@ -1,33 +1,33 @@ - - - - - - - - - KeyDescriptor lacks embedded key material - - - + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + KeyDescriptor lacks embedded key material + + + diff --git a/mdx/uk/check_uk_mdattr.xsl b/mdx/uk/check_uk_mdattr.xsl index e5016f1b..48f3ef66 100644 --- a/mdx/uk/check_uk_mdattr.xsl +++ b/mdx/uk/check_uk_mdattr.xsl 
@@ -1,124 +1,124 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - - + + - - - - Assertion not permitted within EntityAttributes - - + + + + Assertion not permitted within EntityAttributes + + - - - - - entity attribute - - has no NameFormat attribute - - - - - - - entity attribute - - has wrong NameFormat value - - - - + + + + + entity attribute + + has no NameFormat attribute + + + + + + + entity attribute + + has wrong NameFormat value + + + + - - - - - unknown entity attribute name - - - - + + + + + unknown entity attribute name + + + + - - - - - unknown entity category URI - - - - + + + + + unknown entity category URI + + + + - - - - - unknown entity category support URI - - - - + + + + unknown entity category support URI + + + + - - - - - unknown assurance certification URI - - - - + + + + + unknown assurance certification URI + + + + diff --git a/mdx/uk/check_uk_mdrps.xsl b/mdx/uk/check_uk_mdrps.xsl index 50b72cca..bebafa19 100644 --- a/mdx/uk/check_uk_mdrps.xsl +++ b/mdx/uk/check_uk_mdrps.xsl @@ -1,57 +1,57 @@ - - - - - - - - - - exported entity lacks a registrationInstant value - - - - - - - - - - invalid RegistrationPolicy value - - - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + exported entity lacks a registrationInstant value + + + + + + + + + + invalid RegistrationPolicy value + + + + diff --git a/mdx/uk/check_uk_urlenc.xsl b/mdx/uk/check_uk_urlenc.xsl index caf20da5..3f14f05c 100644 --- a/mdx/uk/check_uk_urlenc.xsl +++ b/mdx/uk/check_uk_urlenc.xsl 
@@ -1,32 +1,32 @@ - - - - - - - - URL-encoded Location attribute; should be entity-encoded - - + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + URL-encoded Location attribute; should be entity-encoded + + diff --git a/mdx/uk/check_ukreg.xsl b/mdx/uk/check_ukreg.xsl index e1897d02..b29eea90 100644 --- a/mdx/uk/check_ukreg.xsl +++ b/mdx/uk/check_ukreg.xsl @@ -1,53 +1,53 @@ - - - - - - - - - badly formatted e-mail address: '' - - - - - - - - - - Location - - not in standard form - - - + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + + xmlns:mdxMail="xalan://uk.ac.sdss.xalan.md.Mail" + extension-element-prefixes="mdxMail" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + badly formatted e-mail address: '' + + + + + + + + + + Location + + not in standard form + + + diff --git a/mdx/uk/entity_scopes.xsl b/mdx/uk/entity_scopes.xsl index 71c2a941..34e74758 100644 --- a/mdx/uk/entity_scopes.xsl +++ b/mdx/uk/entity_scopes.xsl @@ -1,38 +1,38 @@ - - - - - - - - - - - - - - - - - - - + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + exclude-result-prefixes="md"> + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/final_tweak.xsl b/mdx/uk/final_tweak.xsl index cb8a50b2..dac0c437 100644 --- a/mdx/uk/final_tweak.xsl +++ b/mdx/uk/final_tweak.xsl 
@@ -1,183 +1,183 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + exclude-result-prefixes="md"> - - + + - - + This parameter, if present, provides additional text to be put in the + document comment. + --> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + - - U K F E D E R A T I O N M E T A D A T A - - - *** - - *** - - - Aggregate built + + U K F E D E R A T I O N M E T A D A T A + + + *** + + *** + + + Aggregate built ( local) - - - Aggregate valid for - - days, until - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/fix_mailto.xsl b/mdx/uk/fix_mailto.xsl index dab37629..1c99b1e5 100644 --- a/mdx/uk/fix_mailto.xsl +++ b/mdx/uk/fix_mailto.xsl @@ -1,40 +1,40 @@ - - - - - - - - mailto: - - - - - - - - - - - - - - - + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + exclude-result-prefixes="md"> + + + + + + + + mailto: + + + + + + + + + + + + + + + diff --git a/mdx/uk/fragment.xsl b/mdx/uk/fragment.xsl index 39d59e3e..87375526 100644 --- a/mdx/uk/fragment.xsl +++ b/mdx/uk/fragment.xsl @@ -1,55 +1,55 @@ + exclude-result-prefixes="xsi xsl"> - - + + - - + + - - - + + + - + - - - + + + - + - - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml index 9622c0aa..94dd2f9b 100644 --- a/mdx/uk/generate.xml +++ b/mdx/uk/generate.xml 
@@ -301,10 +301,10 @@ --> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + diff --git a/mdx/uk/ns_norm_cds.xsl b/mdx/uk/ns_norm_cds.xsl index 15113ea3..2d3dcfb2 100644 --- a/mdx/uk/ns_norm_cds.xsl +++ b/mdx/uk/ns_norm_cds.xsl @@ -1,77 +1,77 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + + exclude-result-prefixes="alg ds init md mdattr saml shibmd ukfedlabel xsi" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/ns_norm_export.xsl b/mdx/uk/ns_norm_export.xsl index a64aef3b..7947548f 100644 --- a/mdx/uk/ns_norm_export.xsl +++ b/mdx/uk/ns_norm_export.xsl @@ -1,93 +1,93 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + - - - - - - - + + + + + diff --git a/mdx/uk/ns_norm_export_preview.xsl b/mdx/uk/ns_norm_export_preview.xsl index 5bd6277d..0ddc1e1f 100644 --- a/mdx/uk/ns_norm_export_preview.xsl +++ b/mdx/uk/ns_norm_export_preview.xsl 
@@ -1,93 +1,93 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + - - - - - - - + + + + + diff --git a/mdx/uk/ns_norm_fragment.xsl b/mdx/uk/ns_norm_fragment.xsl index 8739efa1..1402c135 100644 --- a/mdx/uk/ns_norm_fragment.xsl +++ b/mdx/uk/ns_norm_fragment.xsl @@ -1,84 +1,84 @@ - - - - + - - - + + - + - + - - - - - - - - - - - - + + + + + + + + + + + + + diff --git a/mdx/uk/ns_norm_test.xsl b/mdx/uk/ns_norm_test.xsl index 2a8865c8..3f930240 100644 --- a/mdx/uk/ns_norm_test.xsl +++ b/mdx/uk/ns_norm_test.xsl @@ -1,120 +1,120 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + diff --git a/mdx/uk/ns_norm_uk.xsl b/mdx/uk/ns_norm_uk.xsl index 8b8bd5ce..dca0f099 100644 --- a/mdx/uk/ns_norm_uk.xsl +++ b/mdx/uk/ns_norm_uk.xsl @@ -1,120 +1,120 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + diff --git a/mdx/uk/scopes_copy.xsl b/mdx/uk/scopes_copy.xsl index c9a0de6c..c97e12e5 100644 --- a/mdx/uk/scopes_copy.xsl +++ b/mdx/uk/scopes_copy.xsl @@ -1,22 +1,22 @@ - - + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/uk/statistics.xsl b/mdx/uk/statistics.xsl index e2698021..c79539fb 100644 --- a/mdx/uk/statistics.xsl +++ b/mdx/uk/statistics.xsl @@ -1173,16 +1173,16 @@ - +   * diff --git a/mdx/uk/strip_extensions.xsl b/mdx/uk/strip_extensions.xsl index f8899e5a..176baabb 100644 --- a/mdx/uk/strip_extensions.xsl +++ b/mdx/uk/strip_extensions.xsl 
@@ -1,55 +1,55 @@ - - - - - - - - - - - - - - - - - - - - - - - - + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:ukfedlabel="http://ukfederation.org.uk/2006/11/label" + + xmlns:exsl="http://exslt.org/common" + extension-element-prefixes="exsl" + + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + exclude-result-prefixes="md"> + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mdx/uk/strip_sirtfi_contacts.xsl b/mdx/uk/strip_sirtfi_contacts.xsl index daa51068..659847dd 100644 --- a/mdx/uk/strip_sirtfi_contacts.xsl +++ b/mdx/uk/strip_sirtfi_contacts.xsl @@ -1,34 +1,34 @@ + xmlns="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + exclude-result-prefixes="md"> - - - + + + - - - - + + + + - - - - - - + + + + + + diff --git a/mdx/us_incommon/beans.xml b/mdx/us_incommon/beans.xml index 2c132199..8d99949b 100644 --- a/mdx/us_incommon/beans.xml +++ b/mdx/us_incommon/beans.xml @@ -45,7 +45,7 @@ InCommon signing certificate. --> + p:resource="classpath:us_incommon/inc-md-cert.pem"/> - + + + diff --git a/utilities/2016-09-16/gen-ukid-to-name.xsl b/utilities/2016-09-16/gen-ukid-to-name.xsl index 3df2bd3b..0cd3ba9f 100644 --- a/utilities/2016-09-16/gen-ukid-to-name.xsl +++ b/utilities/2016-09-16/gen-ukid-to-name.xsl @@ -1,19 +1,19 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - + - - - - - - + + + + + + - - - + + + diff --git a/utilities/2016-10-06/gen-id-to-name.xsl b/utilities/2016-10-06/gen-id-to-name.xsl index a2c477cc..4f1d0a7b 100644 --- a/utilities/2016-10-06/gen-id-to-name.xsl +++ b/utilities/2016-10-06/gen-id-to-name.xsl @@ -1,19 +1,19 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - + - - - - - - + + + + + + - - - + + + 
diff --git a/utilities/2017-02-27/listHideFromWAYFandEA.xsl b/utilities/2017-02-27/listHideFromWAYFandEA.xsl index fcd27029..44d25f20 100644 --- a/utilities/2017-02-27/listHideFromWAYFandEA.xsl +++ b/utilities/2017-02-27/listHideFromWAYFandEA.xsl @@ -9,8 +9,8 @@ + [md:Extensions/mdattr:EntityAttributes] + [md:Extensions/wayf:HideFromWAYF]">