New CAS metadata support in 3.4
Paul B. Henson
henson at cpp.edu
Wed Nov 28 16:33:24 EST 2018
> From: Cantor, Scott
> Sent: Wednesday, November 28, 2018 11:50 AM
>
> Apply the SchemaValidation filter to the metadata source if you want it to
> detect that sort of thing.
Cool, thanks for the pointer; I would definitely prefer to catch things that aren't going to work before they don't work :). Maybe a mention of this would be a good candidate for inclusion on this page?
https://wiki.shibboleth.net/confluence/display/IDP30/MetadataManagementBestPractices
At first I got a bit confused because it complained about the KeyDescriptor stanza:
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'KeyDescr
iptor'. One of '{"http://www.w3.org/2000/09/xmldsig#":Signature, "urn:oasis:names:tc:SAML:2.0:metadata":Extensions, "urn:oa
sis:names:tc:SAML:2.0:metadata":RoleDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":IDPSSODescriptor, "urn:oasis:names:t
c:SAML:2.0:metadata":SPSSODescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":AuthnAuthorityDescriptor, "urn:oasis:names:tc:
SAML:2.0:metadata":AttributeAuthorityDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":PDPDescriptor, "urn:oasis:names:tc:
SAML:2.0:metadata":AffiliationDescriptor}' is expected.
but then I realized I had it in the wrong place per the schema, and after fixing that, it gave an obvious error about what was wrong with the KeyInfo part:
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'KeyInfo'. One of '{"http://www.w3.org/2000/09/xmldsig#":KeyInfo}' is expected.
More information about the users
mailing list