Metadata signature accepted by xmlsectool, not by SP

Ian Bobbitt ibobbitt at
Tue May 10 10:53:56 EDT 2016

On 5/9/16 5:15 PM, Cantor, Scott wrote:
>> Even if my script is wrong, shouldn't I be able to validate the output from
>> xmlsectool with the SP?
> Normally.
>> Is there something better I should be using for managing this?
> I'm just answering your question about the SP. You can file a bug, and wait for me to investigate, likely a few weeks. Or not. There's really nothing else I can do about it not verifying. It may be totally obvious or totally non-obvious in hindsight, I don't know.
> The only debugging tool I have is the signature logging category, which you can turn up to get a log of the octet streams it's digesting and comparing, but you have to know the specs in depth to do much with it. It's much easier to check on a smaller sample than a large file.
> -- Scott

I went over everything again, and finally got it to work. The errors I was getting are misleading.

Making the change below let it pass the checks. I would have expected an error about the schema failing validation, not
the signature failing.

- <shibmd:Scope></shibmd:Scope>
+ <shibmd:Scope regexp="false"></shibmd:Scope>

More information about the users mailing list