xmlsectool failure

Peter Schober peter.schober at univie.ac.at
Fri Sep 9 16:08:16 BST 2011

* Liam Hoekenga <liamr at umich.edu> [2011-09-09 16:20]:
> I've tried multiple versions of xmlsectool (1.1.4 and 1.1.5).
> I've tried pointing it both at the system collection of schema docs,  
> and a copy I made specifically for xmlsectool that only contains that  
> opensaml, shibboleth and xmltooling definitions.

Try calling it with --logConfig /path/to/some/logback.xml
supplying a logback config snippet and setting the log level for root
(or only for the class org.opensaml.xml.schema.SchemaBuilder) to
DEBUG. Then look for lines starting with "Building W3 XML Schema from
file/directory" and "Added schema source".

Here's a minimal sample logback config snippet doing just that:

    <logger name="org.opensaml.xml.schema.SchemaBuilder" level="DEBUG" />
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <pattern>%d{HH:mm:ss} [%level] %msg%n</pattern>
    <root level="INFO">
        <appender-ref ref="STDOUT" />

> I'm trying to validate some metadata using xmlsectool.
> ./xmlsectool.sh --validateSchema \
> --schemaDirectory=/usr/share/xml \
> --inFile=/home/liamr/InCommon-metadata.xml

Jfyi, for comparison (with 1.1.4, didn't update the srpm yet):

$ wget http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
$ /usr/bin/xmlsectool \
--validateSchema \
--schemaDirectory=/usr/local/share/xml/schemas/ \
INFO  XmlSecTool - Reading XML document from file 'InCommon-metadata.xml'
INFO  XmlSecTool - XML document parsed and is well-formed.
INFO  XmlSecTool - XML document is schema valid

$ ls -l /usr/local/share/xml/schemas/
-rw-r--r-- 1 root root 12846 May 30 12:36 saml-schema-assertion-2.0.xsd
-rw-r--r-- 1 root root 16121 May 30 12:37 saml-schema-metadata-2.0.xsd
-rw-r--r-- 1 root root  5555 Aug 10  2008 xenc-schema.xsd
-rw-r--r-- 1 root root 10293 Feb  8  2002 xmldsig-core-schema.xsd
-rw-r--r-- 1 root root  5829 Aug 10  2008 xml.xsd

The two with change dates this year in May are hacked to replace the
w3.org URLs in the import/@schemaLocation attribute with local file URIs.

You did check that the schema files you references are correct?

More information about the users mailing list