detecting those empty metadata elements

Peter Schober peter.schober at
Fri May 22 15:09:21 UTC 2020

* Cantor, Scott <cantor.2 at> [2020-05-21 14:02]:
> Among other "non-ideal" suggestions, the SP will detect them
> somewhat more gracefully as well (and the message is somewhat
> targeted).

FWIW, I used to instrument the Shib SP to try to load metadata in a
pre-commit hook (on an SVN server) as a last line of defense, after
having already checked with (in order of checking speed, failing
fatally at the first error) xmlwf, xmllint and XmlSecTool.
So if the SP wasn't happy with the metadata you couldn't even commit
the change.

Decentralised version control kind of took the fun out of this (unless
you move this to the client) but I guess I could re-add that to a
CI/CD checking pipeline after the fact (git commit + push).

Of course looping over all files in a folder and having a command line
tool fail on (SAML-, not "just" XSD-)invalid ones would still be much


More information about the users mailing list