Adding "saml" namespace to MetadataProvider
Michael A Grady
mgrady at unicon.net
Tue Oct 1 15:17:30 EDT 2019
FYI, so that strategies like this ( https://spaces.at.internet2.edu/x/gYA5CQ ) work, and entity attribute filter rules in general, I think you want to add (you may already have done so) the saml namespace definition by default into the provided metadata-providers.xml file with the IdP distribution. I.e. adjust it to something like this:
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
xmlns:resource="urn:mace:shibboleth:2.0:resource"
xmlns:security="urn:mace:shibboleth:2.0:security"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
p.s. I did add a comment to the bottom of that wiki page noting one needed to add the saml namespace definition in order for the example to work.
--
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users
mailing list