XMLSecTool metadata validation problem because of soap/envelope https redirect
Ian Young
ian at iay.org.uk
Mon Apr 11 12:43:52 UTC 2022
> On 2022-04-11, at 13:12, Cantor, Scott via users <users at shibboleth.net> wrote:
>
> That would be a bug, xmlsectool shouldn't need to be goong anywhere for anything. Network lookup is just inherently a bad idea.
To be clear, xmlsectool here is just doing what the OP said on the command line it should do:
> On 2022-04-11, at 13:03, ulrich.leodolter at obvsg.at wrote:
>
> # xmlsectool.sh --validateSchema --schemaDirectory /usr/share/xml/opensaml --inFile md.xml
If the schemas you ask it to use reference public URLs, network access will be required.
If you need a collection of "clean" schemas that don't require network access, one source is here:
https://github.com/ukf/ukf-meta/tree/master/mdx/schema
Hope that helps,
-- Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220411/dfd9ffc2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220411/dfd9ffc2/attachment.p7s>
More information about the users
mailing list