XMLSecTool metadata validation problem because of soap/envelope https redirect

Ian Young ian at iay.org.uk
Mon Apr 11 12:43:52 UTC 2022

> On 2022-04-11, at 13:12, Cantor, Scott via users <users at shibboleth.net> wrote:
> That would be a bug, xmlsectool shouldn't need to be goong anywhere for anything. Network lookup is just inherently a bad idea.

To be clear, xmlsectool here is just doing what the OP said on the command line it should do:

> On 2022-04-11, at 13:03, ulrich.leodolter at obvsg.at wrote:
> # xmlsectool.sh --validateSchema --schemaDirectory /usr/share/xml/opensaml --inFile md.xml

If the schemas you ask it to use reference public URLs, network access will be required.

If you need a collection of "clean" schemas that don't require network access, one source is here:


Hope that helps,

    -- Ian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220411/dfd9ffc2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220411/dfd9ffc2/attachment.p7s>

More information about the users mailing list