Metadata signature accepted by xmlsectool, not by SP
Ian Bobbitt
ibobbitt at grnoc.iu.edu
Tue May 10 10:53:56 EDT 2016
On 5/9/16 5:15 PM, Cantor, Scott wrote:
>> Even if my script is wrong, shouldn't I be able to validate the output from
>> xmlsectool with the SP?
>
> Normally.
>
>> Is there something better I should be using for managing this?
>
> I'm just answering your question about the SP. You can file a bug, and wait for me to investigate, likely a few weeks. Or not. There's really nothing else I can do about it not verifying. It may be totally obvious or totally non-obvious in hindsight, I don't know.
>
> The only debugging tool I have is the signature logging category, which you can turn up to get a log of the octet streams it's digesting and comparing, but you have to know the specs in depth to do much with it. It's much easier to check on a smaller sample than a large file.
>
> -- Scott
>
I went over everything again, and finally got it to work. The errors I was getting are misleading.
Making the change below let it pass the checks. I would have expected an error about the schema failing validation, not
the signature failing.
- <shibmd:Scope>grnoc.iu.edu</shibmd:Scope>
+ <shibmd:Scope regexp="false">grnoc.iu.edu</shibmd:Scope>
More information about the users
mailing list