From 990521d81935e56ca06c930391cc0ec588a2d0f3 Mon Sep 17 00:00:00 2001 From: Phil Smart Date: Thu, 18 Jan 2024 17:16:14 +0000 Subject: [PATCH] Fix sam2int and shibboleth predicates --- validators/overlays/all/classes/_rules/check_saml2int.xsl | 6 ++++-- validators/overlays/all/classes/_rules/check_shibboleth.xsl | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/validators/overlays/all/classes/_rules/check_saml2int.xsl b/validators/overlays/all/classes/_rules/check_saml2int.xsl index fcc1345..596c2fa 100644 --- a/validators/overlays/all/classes/_rules/check_saml2int.xsl +++ b/validators/overlays/all/classes/_rules/check_saml2int.xsl @@ -32,8 +32,10 @@ + [not( + (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']) or + (md:NameIDFormat[.='urn:oasis:names:tc:SAML:2.0:nameid-format:transient']) + )]"> SP excludes both SAML 2 name identifier formats diff --git a/validators/overlays/all/classes/_rules/check_shibboleth.xsl b/validators/overlays/all/classes/_rules/check_shibboleth.xsl index 12e87c7..a1b8370 100644 --- a/validators/overlays/all/classes/_rules/check_shibboleth.xsl +++ b/validators/overlays/all/classes/_rules/check_shibboleth.xsl @@ -36,8 +36,10 @@ We perform a very cursory test for this by insisting that they start with either "http://" or "https://". --> - + OrganizationURL '' does not start with acceptable prefix