Shibboleth SP, Azure AD IDP - no metadata found.

Peter Schober peter.schober at
Thu Jul 5 06:25:52 EDT 2018

* Dan MacMillan <danm at> [2018-07-05 00:17]:
> Thanks. I don't know how I would install these though.

You'd copy the missing schema file to a place the software is looking
for them?

> As I understand it, this is optional? Validation helps me from
> shooting myself in the foot but it won't prevent the system from
> working -- assuming I myself make sure it is valid, correct?

I don't follow. Yes, validation can be disabled (as you have found out
yourself). But you've also found out that enabling validation *will*
prevent your system from working even if it is valid, at least in the
one case where certain use of extension schemas is being made that
will only validate successfully if you have the right XSD schema files
in place (which you didn't, because the Shibboleth software does not
ship those).

But it's hard to say anything useful about validation at the level of
the SAML implementation without knowing what metadata is being
consumed and how that is being curated.

Of course you can validate metadata in other ways, see
CONCEPT/MetadataCorrectness in the shibboleth wiki.
And if you're producing metadata yourself for others to consume you
better make sure it's schema-valid, of course.


More information about the users mailing list