XMLSecTool metadata validation problem because of soap/envelope https redirect

ulrich.leodolter at obvsg.at ulrich.leodolter at obvsg.at
Mon Apr 11 12:03:29 UTC 2022


Hello,

About two weeks ago xmlsectool started failing on SAML 2 metadata validation. After analyzing network traffic, it turns out that the redirection of http://schemas.xmlsoap.org/soap/envelope/ to https is the problem.

After I modified /usr/share/xml/opensaml/saml-schema-ecp-2.0.xsd and used https for soap/envelope, it validates without problems.

    <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
        schemaLocation="https://schemas.xmlsoap.org/soap/envelope/"/>


Below is the ERROR shown without modifying saml-schema-ecp-2.0.xsd. I also tried to copy /usr/share/xml/xmltooling/*.* into /usr/share/xml/opensaml, but that did not solve the problem.

Is the redirect on http://schemas.xmlsoap.org/soap/envelope/ OK, or should it be accessible without a redirect?

Best regards
Ulrich


# curl -v http://schemas.xmlsoap.org/soap/envelope/
* About to connect() to schemas.xmlsoap.org port 80 (#0)
*   Trying 13.107.213.44...
* Connected to schemas.xmlsoap.org (13.107.213.44) port 80 (#0)
> GET /soap/envelope/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: schemas.xmlsoap.org
> Accept: */*
> 
< HTTP/1.1 307 Temporary Redirect
< Location: https://schemas.xmlsoap.org/soap/envelope/
< X-Azure-Ref: 0fhhUYgAAAADIAjIu0KHnTbLy8wq1a07+VklFRURHRTA3MDgAYTBkMGJkM2QtZmQ2Yi00MDczLThkMmYtYzA2ZWMzM2QxNWNl
< Date: Mon, 11 Apr 2022 12:01:02 GMT
< Content-Length: 0
< 
* Connection #0 to host schemas.xmlsoap.org left intact

# rpm -qa |grep schemas
xmltooling-schemas-3.2.1-1.x86_64
opensaml-schemas-3.2.1-1.x86_64

# export JVMOPTS='-Djavax.xml.accessExternalDTD=all'
# xmlsectool.sh --validateSchema --schemaDirectory /usr/share/xml/opensaml --inFile md.xml
INFO  XMLSecTool - Reading XML document from file 'md.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
ERROR SchemaBuilder - XML Parsing Error
ERROR XMLSecTool - Invalid XML schema files, unable to validate XML
org.xml.sax.SAXParseException: Premature end of file.
	at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
	at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
	at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.opti.SchemaParsingConfig.parse(SchemaParsingConfig.java:640)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.opti.SchemaParsingConfig.parse(SchemaParsingConfig.java:696)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.opti.SchemaDOMParser.parse(SchemaDOMParser.java:530)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.getSchemaDocument(XSDHandler.java:2226)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.resolveSchema(XSDHandler.java:2128)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.constructTrees(XSDHandler.java:1049)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.parseSchema(XSDHandler.java:652)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:617)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:576)
	at java.xml/com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar(XMLSchemaLoader.java:542)
	at java.xml/com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory.newSchema(XMLSchemaFactory.java:276)
	at net.shibboleth.utilities.java.support.xml.SchemaBuilder.buildSchema(SchemaBuilder.java:335)
	at net.shibboleth.tool.xmlsectool.SchemaValidator.<init>(SchemaValidator.java:76)
	at net.shibboleth.tool.xmlsectool.XMLSecTool.schemaValidate(XMLSecTool.java:335)
	at net.shibboleth.tool.xmlsectool.XMLSecTool.main(XMLSecTool.java:145)


--
Ulrich Leodolter <ulrich.leodolter at obvsg.at>
Leitung Abteilung Betrieb und Technische Betreuung

Oesterreichische Bibliothekenverbund und Service GmbH
Raimundgasse 1/3, A-1020 Wien

Fax: +43 1 4035158-30
Tel: +43 1 4035158-21
Web: https://www.obvsg.at
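
An added example, not part of the original post and not XMLSecTool code: a Python check that lists every import, include or redefine in a schema directory whose schemaLocation is a remote URL, the kind of reference the post traces the failure to. The sample schema is constructed, and the names remote_imports and audit_directory are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse

XS = "{http://www.w3.org/2001/XMLSchema}"
REMOTE_SCHEMES = {"http", "https", "ftp"}

# Constructed sample: the first import mirrors the unmodified reference the
# post describes; the second is a local, relative reference for contrast.
SAMPLE_XSD = """<schema xmlns="http://www.w3.org/2001/XMLSchema"
        targetNamespace="urn:example:constructed">
  <import namespace="http://schemas.xmlsoap.org/soap/envelope/"
          schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
  <import namespace="urn:example:local"
          schemaLocation="local-schema.xsd"/>
</schema>"""


def remote_imports(xsd, source="<sample>"):
    """Return one dict per import/include/redefine with a remote schemaLocation."""
    findings = []
    for el in ET.fromstring(xsd).iter():
        if el.tag not in (XS + "import", XS + "include", XS + "redefine"):
            continue
        location = el.get("schemaLocation", "")
        scheme = urlparse(location).scheme.lower()
        if scheme in REMOTE_SCHEMES:
            findings.append({
                "file": source,
                "namespace": el.get("namespace"),
                "location": location,
                # Anything other than https travels unprotected and can be
                # redirected or altered before it reaches the validator.
                "plaintext": scheme != "https",
            })
    return findings


def audit_directory(directory):
    """Scan every *.xsd file in a --schemaDirectory style folder."""
    findings = []
    for path in sorted(Path(directory).glob("*.xsd")):
        # Bytes input lets the parser honour each file's encoding declaration.
        findings += remote_imports(path.read_bytes(), str(path))
    return findings


if __name__ == "__main__":
    found = audit_directory(sys.argv[1]) if len(sys.argv) > 1 else remote_imports(SAMPLE_XSD)
    for f in found:
        flag = "PLAINTEXT" if f["plaintext"] else "remote"
        print(f"{flag}: {f['file']} imports {f['namespace']} from {f['location']}")
```

Each finding is a schema reference that may require network access at validation time, so its availability and integrity depend on the remote host.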

