detecting those empty metadata elements

Ian Young ian at
Thu May 21 08:03:16 UTC 2020

> On 2020-05-20, at 23:37, Jim Fox <fox at> wrote:
> Our local metadata file got hit with that invalid due to empty elements error.  My first fix was to split it into a local dynamic metadata directory (about 2K files).  That gets me past the error for most everyone, but how do I find which files have the error? Or where in the mass of them the error occurs.  I run the xmlsectool (v 2.0.0) and it says everything is fine.  Is there a better tester?

I don't think there's anything out there that is directly intended as a checker for this. Of course the reason xmlsectool doesn't see this problem is that the most it does is schema validity checks, and this particular aspect of SAML isn't encoded in the schema.

The UK federation performs this check on its registered and imported metadata through a Shibboleth Metadata Aggregator configuration. That's available on GitHub, but it's not the most approachable thing in the world and unfortunately this check does depend on some custom code I haven't upstreamed to the Shibboleth implementation yet.

If you wanted to zip up your directory of individual files and make it available to me, I could probably do a one-off dirty check for you in a few minutes.

    -- Ian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <>

More information about the users mailing list