xmlsectool failure

Tom Scavo trscavo at gmail.com
Fri Sep 9 16:01:47 BST 2011

On Fri, Sep 9, 2011 at 10:20 AM, Liam Hoekenga <liamr at umich.edu> wrote:
> I'm trying to validate some metadata using xmlsectool.
> ./xmlsectool.sh --validateSchema \
> --schemaDirectory=/usr/share/xml \
> --inFile=/home/liamr/InCommon-metadata.xml

This seems to be the Question of the Week :-)

> The error I'm getting is..
> ERROR XmlSecTool - Invalid XML schema files, unable to validate XML
> org.xml.sax.SAXParseException: schema_reference.4: Failed to read
> schema document 'saml-schema-assertion-2.0.xsd', because 1) could not
> find the document; 2) the document could not be read; 3) the root
> element of the document is not <xsd:schema>.
> I'm using Sun java 1.6.0_27 on CentOS.
> I've tried multiple versions of xmlsectool (1.1.4 and 1.1.5).
> I've tried pointing it both at the system collection of schema docs,
> and a copy I made specifically for xmlsectool that only contains that
> opensaml, shibboleth and xmltooling definitions.

I'd be curious to know if the set of schema files linked on this page
works for you:


We've been playing around with this for almost a week now. Not sure if
the above helps, but it's worth a try.

> Using strace, I can see that it does locate
> saml-schema-assertion-2.0.xsd, and that it's readable, so I'm guessing
> the problem is option 3?
> I've tried it on locally generated metadata and the InCommon metadata
> to the same result.
> What am I missing?

I don't think you're missing anything. The load order of schema files
is (unfortunately) indeterminate, so sometimes it works and sometimes
it doesn't.


More information about the users mailing list