[OPENAM-11268] SAML2 IDP metadata missing NameIDMappingService elements should not error on save
Created: 13/Jun/17  Updated: 24/Jan/19  Resolved: 24/Jan/19

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 12.0.0, 13.0.0, 13.5.0, 14.0.0, 14.1.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Mark de Reeper Assignee: Sam Fraser
Resolution: Duplicate Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is duplicated by OPENAM-11937 Federation UI does not allow empty Na... Resolved
relates to OPENAM-11937 Federation UI does not allow empty Na... Resolved
Are the reproduction steps defined?:
No (add reasons in the comment)


The NameIDMappingService element in the metadata of a remote IDP is not a required element according to the SAML2 spec, and OpenAM loads IDP metadata without this element without issue. However, when in the Services tab of the loaded metadata and hitting Save, OpenAM shows an error box in the console:

Entity descriptor "idpentity" under realm "/" has invalid syntax.

Where idpentity is the entity ID of the loaded metadata and the following is seen in the container logs:

DefaultValidationEventHandler: [ERROR]: a required field "Location" is missing an object 

     Location:  obj: com.sun.identity.saml2.jaxb.metadata.impl.NameIDMappingServiceElementImpl@4653aaf2

To work around this issue, add a URL into the "NameID Mapping" field at the bottom of the Services page (based on one of the values from the other service location entries) and Save.

Even without this workaround, the changes made to the Services page appear to be applied even though it generates the error.
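
The condition in the log above, as an added example that is not part of the original report or OpenAM's code: a Python pre-check over IDP metadata that accepts an absent NameIDMappingService (optional in the SAML2 metadata schema) and flags an endpoint element that is present but lacks the required Binding or Location attribute. The metadata sample and the idp.example.com URL are constructed; only the entity ID idpentity comes from the report.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# Endpoint-typed children of IDPSSODescriptor in the SAML2 metadata schema.
ENDPOINTS = ("ArtifactResolutionService", "SingleLogoutService",
             "ManageNameIDService", "SingleSignOnService",
             "NameIDMappingService", "AssertionIDRequestService")
REQUIRED_ATTRS = ("Binding", "Location")  # required on every endpoint element


def check_idp_metadata(xml_text):
    """Return (absent_optional, errors) for the first IDPSSODescriptor found."""
    # For metadata from an untrusted source, parse with a hardened XML parser.
    root = ET.fromstring(xml_text)
    idp = next(root.iter(f"{{{MD}}}IDPSSODescriptor"), None)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    absent, errors = [], []
    for name in ENDPOINTS:
        elems = idp.findall(f"{{{MD}}}{name}")
        if not elems:
            # SingleSignOnService is the only endpoint the schema requires.
            if name == "SingleSignOnService":
                errors.append("SingleSignOnService: at least one is required")
            else:
                absent.append(name)
        for i, el in enumerate(elems):
            for attr in REQUIRED_ATTRS:
                if not el.get(attr):  # missing or empty
                    errors.append(f"{name}[{i}]: required attribute {attr} is missing")
    return absent, errors


def sample(extra=""):
    """Constructed metadata; `extra` is placed inside the IDPSSODescriptor."""
    return f"""<EntityDescriptor xmlns="{MD}" entityID="idpentity">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://idp.example.com/sso"/>
    {extra}
  </IDPSSODescriptor>
</EntityDescriptor>"""


if __name__ == "__main__":
    print(check_idp_metadata(sample()))                          # element absent
    print(check_idp_metadata(sample("<NameIDMappingService/>")))  # element empty
```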

Comment by Sam Fraser [ 24/Jan/19 ]

Duplicate of OPENAM-11937
