StatusMessage bypass

tredrad at outlook.com tredrad at outlook.com
Mon Oct 3 19:52:02 UTC 2022


Hello everyone,
it's my first time writing to this mailing list, so I hope I'm not messing this up.
Anyway, I'm seeking advice on a quite specific problem.

Having an operational Shibboleth SP 3.2.2 installation, we were asked to add a new IdP.
We were able to federate the new IdP, but an issue came up with their SamlResponse.
In particular, getting back the SamlResponse from the new IdP, Shibboleth reports to us this error: StatusMessage must have TextContent. (xmltooling ValidationException)

Here's the Status section from the failing SamlResponse:

<saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>             <saml2p:StatusMessage/>
</saml2p:Status>

Having a look online I couldn't find any help on my issue, and as far as I have understood StatusMessage is supposed to be a non-nullable simple type.
My question is: acknowledging that doing so might not be conforming or 100% compliant to the SAML specs, is there a way to "safely" bypass that check?

I've tried digging the xmltooling docs as it's a ValidationException but I couldn't find anything useful, but I might have missed something so.

Thanks in advance!
Best regards,
Simone.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221003/f3389ce5/attachment.htm>


More information about the users mailing list