  1. OpenAM
  2. OPENAM-4078

Invalid metadata file error when trying to import picketlink idp metadata file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 11.0.1
    • Fix Version/s: None
    • Component/s: CLI
    • Environment:
      Any

      Description

      Issue importing the picketlink idp metadata file. (The error shown was “Invalid metadata file.”, and the error in the log file was “{urn:oasis:names:tc:SAML:2.0:metadata}:KeyDescriptor”).

      Turns out that the saml2 metadata xml schema technically specifies an order to the xml elements for IDPSSODescriptorType.

      http://www.schemacentral.com/sc/ulex20/t-md_IDPSSODescriptorType.html

      (We had pulled that idp metadata file from the shibboleth2 SP and shibboleth didn’t complain. However, technically it should have if it had validated the xml.)

      After fixing up the order of the elements, the IDP metadata was successfully imported.

      Other vendors performed the import without errors.

      I sanitized the attached xml file, although I did leave in the IDP's cert.
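
      The element-order problem described in this report can be checked before an import is attempted. The following is an added example, not part of the original issue or of OpenAM's code; it assumes the child sequence from the SAML 2.0 metadata schema, uses a constructed sample document, and its function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# xs:sequence order for IDPSSODescriptorType, including elements inherited
# from RoleDescriptorType and SSODescriptorType (SAML 2.0 metadata schema).
IDP_ORDER = [f"{{{DS}}}Signature"] + [f"{{{MD}}}{n}" for n in (
    "Extensions", "KeyDescriptor", "Organization", "ContactPerson",
    "ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
    "NameIDFormat", "SingleSignOnService", "NameIDMappingService",
    "AssertionIDRequestService", "AttributeProfile")] + [f"{{{SAML}}}Attribute"]
RANK = {tag: i for i, tag in enumerate(IDP_ORDER)}

# Constructed, trimmed sample: KeyDescriptor comes last, which the schema forbids.
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://idp.example.test/sso"/>
    <KeyDescriptor use="signing"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def order_violations(xml_text):
    """Return (tag, earlier_tag) pairs where a child appears after a later-ranked one."""
    problems = []
    for idp in ET.fromstring(xml_text).iter(f"{{{MD}}}IDPSSODescriptor"):
        highest, highest_tag = -1, None
        for child in idp:
            rank = RANK.get(child.tag)
            if rank is None:
                continue  # unknown element: leave it to a full schema validator
            if rank < highest:
                problems.append((child.tag, highest_tag))
            else:
                highest, highest_tag = rank, child.tag
    return problems

def reorder(xml_text):
    """Return the metadata with IDPSSODescriptor children in schema order.
    Reordering changes the signed content, so signed metadata must be re-signed."""
    root = ET.fromstring(xml_text)
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        idp[:] = sorted(idp, key=lambda c: RANK.get(c.tag, len(IDP_ORDER)))  # stable sort
    return ET.tostring(root, encoding="unicode")
```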


            People

            • Assignee:
              FatBloke Andy Hall
              Reporter:
              ericson.paul@gmail.com Paul Ericson [X] (Inactive)