Fix sam2int and shibboleth predicates

ukf · Feb 5, 2024 · 990521d · 990521d
1 parent 7613d75
commit 990521d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/validators/overlays/all/classes/_rules/check_saml2int.xsl b/validators/overlays/all/classes/_rules/check_saml2int.xsl
@@ -32,8 +32,10 @@
     <xsl:template match="md:SPSSODescriptor
         [contains(@protocolSupportEnumeration, 'urn:oasis:names:tc:SAML:2.0:protocol')]
         [md:NameIDFormat]
-        [not(md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'])]
-        [not(md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'])]">
+        [not(
+            (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']) or 
+            (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'])
+        )]">
         <xsl:call-template name="error">
             <xsl:with-param name="m">SP excludes both SAML 2 name identifier formats</xsl:with-param>
         </xsl:call-template>

diff --git a/validators/overlays/all/classes/_rules/check_shibboleth.xsl b/validators/overlays/all/classes/_rules/check_shibboleth.xsl
@@ -36,8 +36,10 @@
         We perform a very cursory test for this by insisting that they start with
         either "http://" or "https://".
     -->
-    <xsl:template match="md:OrganizationURL[not(starts-with(., 'http://'))]
-        [not(starts-with(., 'https://'))]">
+    <xsl:template match="md:OrganizationURL[not(
+            (starts-with(., 'http://')) or 
+            (starts-with(., 'https://'))
+        )]">
         <xsl:call-template name="error">
             <xsl:with-param name="m">OrganizationURL '<xsl:value-of select="."/>' does not start with acceptable prefix</xsl:with-param>
         </xsl:call-template>