SAML-Toolkits / java-saml

Java SAML toolkit
MIT License

Need assistance with generation of metadata #347

Closed cpbradb closed 3 years ago

cpbradb commented 3 years ago

I am using this library and am having an issue. I am using dynamic settings and am following exactly what is described in the readme... I am setting every config item in the example config file. When the code calls Saml2Settings.validateMetadata(metadata); I get the following error:

Invalid SAML Metadata. Not match the saml-schema-metadata-2.0.xsd

When I comment out that line, and have it just print the metadata output, I get meta.txt

I am not sure what to do at this point. Is there someone I can email and send code samples?

mauromol commented 3 years ago

Hi @cpbradb do you see any warning in the logs prefixed by "Error executing validateXML: " or by "Errors found when validating SAML response with schema: "?

cpbradb commented 3 years ago

I figured it out... sorry to bother.

cpbradb commented 3 years ago

Hi,

I figured it out. The schemas were not in the JAR file when I built it from my eclipse project, but when I switched over to the one built in Maven on my linux box it worked properly.

Thanks for the quick response!

Brad

On 6/9/2021 11:24 AM, Mauro Molinari wrote:

Hi @cpbradb https://github.com/cpbradb do you see any warning in the logs prefixed by "Error executing validateXML: " or by "Errors found when validating SAML response with schema: "?


sysmat commented 3 years ago

@cpbradb I'm new to this lib; how did you solve the problem?

Which xsd did you use to fix the problem?

sysmat commented 3 years ago

Saml2Settings has no configuration for a schema, so how do I feed the Saml2Settings class with the xsd schema for saml2?

sysmat commented 3 years ago

I can have this fake tag in the metadata, and Saml2Settings.validateMetadata(metadata); will validate it as ok.

sysmat commented 3 years ago

If I use this online validator https://www.samltool.com/validate_xml.php it will fail with the fake tag in the metadata.

mauromol commented 3 years ago

Sounds strange... That method should return a validation error if the generated metadata does not validate against the schema. How did you add that fake tag to the generated output?

sysmat commented 3 years ago

```java
import com.onelogin.saml2.settings.Saml2Settings;

public class MetadataValidationTest {

    public static void main(String[] args) {
        // SP metadata with a made-up <md:ContactPerson2> element near the end,
        // which the SAML 2.0 metadata schema does not define.
        String metadata = "<md:EntityDescriptor xmlns:disco=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:mdrpi=\"urn:oasis:names:tc:SAML:metadata:rpi\" xmlns:mdui=\"urn:oasis:names:tc:SAML:metadata:ui\" xmlns:req=\"urn:oasis:names:tc:SAML:profiles:SSO:request-init\" ID=\"_0704c767a0967a3eb595a66c7080309403c7522f\" entityID=\"https://1002.gvs.arnes.si/sp1/20111216\">\n" +
"  <md:Extensions>\n" +
"    <mdrpi:RegistrationInfo registrationAuthority=\"http://aai.arnes.si\" registrationInstant=\"2011-12-16T00:12:00Z\">\n" +
"      <mdrpi:RegistrationPolicy xml:lang=\"en\">https://aai.arnes.si/static/doc/ArnesAAI_general.pdf</mdrpi:RegistrationPolicy>\n" +
"      <mdrpi:RegistrationPolicy xml:lang=\"sl\">https://aai.arnes.si/static/doc/ArnesAAI_splosni_pogoji.pdf</mdrpi:RegistrationPolicy>\n" +
"    </mdrpi:RegistrationInfo>\n" +
"  </md:Extensions>\n" +
"  <md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol\">\n" +
"    <md:Extensions>\n" +
"      <req:RequestInitiator Binding=\"urn:oasis:names:tc:SAML:profiles:SSO:request-init\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/Login\"/>\n" +
"      <req:RequestInitiator Binding=\"urn:oasis:names:tc:SAML:profiles:SSO:request-init\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/WAYF\"/>\n" +
"      <req:RequestInitiator Binding=\"urn:oasis:names:tc:SAML:profiles:SSO:request-init\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/DS\"/>\n" +
"      <disco:DiscoveryResponse Binding=\"urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/DS\" index=\"1\"/>\n" +
"      <mdui:UIInfo>\n" +
"        <mdui:DisplayName xml:lang=\"en\">SIO GVS</mdui:DisplayName>\n" +
"        <mdui:DisplayName xml:lang=\"sl\">SIO GVS</mdui:DisplayName>\n" +
"        <mdui:Description xml:lang=\"en\">LMS and CMS</mdui:Description>\n" +
"        <mdui:Description xml:lang=\"sl\">LMS in CMS</mdui:Description>\n" +
"        <mdui:Keywords xml:lang=\"en\">SIO GVS</mdui:Keywords>\n" +
"        <mdui:Keywords xml:lang=\"sl\">SIO GVS</mdui:Keywords>\n" +
"        <mdui:InformationURL xml:lang=\"en\">http://1002.gvs.arnes.si</mdui:InformationURL>\n" +
"        <mdui:InformationURL xml:lang=\"sl\">http://1002.gvs.arnes.si</mdui:InformationURL>\n" +
"        <mdui:PrivacyStatementURL xml:lang=\"en\">http://1002.gvs.arnes.si/privacy</mdui:PrivacyStatementURL>\n" +
"        <mdui:PrivacyStatementURL xml:lang=\"sl\">http://1002.gvs.arnes.si/privacy</mdui:PrivacyStatementURL>\n" +
"      </mdui:UIInfo>\n" +
"    </md:Extensions>\n" +
"    <md:KeyDescriptor>\n" +
"      <ds:KeyInfo>\n" +
"            <ds:KeyName>1002.gvs.arnes.si</ds:KeyName>\n" +
"            <ds:X509Data><ds:X509SubjectName>CN=1002.gvs.arnes.si</ds:X509SubjectName><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data>\n" +
"          </ds:KeyInfo>\n" +
"    </md:KeyDescriptor>\n" +
"    <md:ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/Artifact/SOAP\" index=\"1\"/>\n" +
"    <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SLO/SOAP\"/>\n" +
"    <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SLO/Redirect\"/>\n" +
"    <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SLO/POST\"/>\n" +
"    <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SLO/Artifact\"/>\n" +
"    <md:ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/NIM/SOAP\"/>\n" +
"    <md:ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/NIM/Redirect\"/>\n" +
"    <md:ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/NIM/POST\"/>\n" +
"    <md:ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/NIM/Artifact\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML2/POST\" index=\"1\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML2/POST-SimpleSign\" index=\"2\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML2/Artifact\" index=\"3\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:PAOS\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML2/ECP\" index=\"4\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:browser-post\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML/POST\" index=\"5\"/>\n" +
"    <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:artifact-01\" Location=\"https://1002.gvs.arnes.si/Shibboleth.sso/SAML/Artifact\" index=\"6\"/>\n" +
"    <md:AttributeConsumingService index=\"0\">\n" +
"      <md:ServiceName xml:lang=\"en\">SIO GVS</md:ServiceName>\n" +
"      <md:ServiceName xml:lang=\"sl\">SIO GVS</md:ServiceName>\n" +
"      <md:ServiceDescription xml:lang=\"en\">LMS and CMS</md:ServiceDescription>\n" +
"      <md:ServiceDescription xml:lang=\"sl\">LMS in CMS</md:ServiceDescription>\n" +
"      <md:RequestedAttribute Name=\"schacHomeOrganization\"/>\n" +
"      <md:RequestedAttribute Name=\"displayName\"/>\n" +
"      <md:RequestedAttribute Name=\"eduPersonTargetedID\"/>\n" +
"      <md:RequestedAttribute Name=\"mail\"/>\n" +
"      <md:RequestedAttribute Name=\"cn\"/>\n" +
"      <md:RequestedAttribute Name=\"givenName\"/>\n" +
"      <md:RequestedAttribute Name=\"eduPersonPrincipalName\"/>\n" +
"      <md:RequestedAttribute Name=\"eduPersonAffiliation\"/>\n" +
"      <md:RequestedAttribute Name=\"sn\"/>\n" +
"      <md:RequestedAttribute Name=\"schacExpiryDate\"/>\n" +
"      <md:RequestedAttribute Name=\"eduPersonPrimaryAffiliation\"/>\n" +
"    </md:AttributeConsumingService>\n" +
"  </md:SPSSODescriptor>\n" +
"  <md:Organization>\n" +
"    <md:OrganizationName xml:lang=\"en\">Akademska in raziskovalna mreža Slovenije</md:OrganizationName>\n" +
"    <md:OrganizationName xml:lang=\"sl\">Akademska in raziskovalna mreža Slovenije</md:OrganizationName>\n" +
"    <md:OrganizationDisplayName xml:lang=\"en\">Akademska in raziskovalna mreža Slovenije</md:OrganizationDisplayName>\n" +
"    <md:OrganizationDisplayName xml:lang=\"sl\">Akademska in raziskovalna mreža Slovenije</md:OrganizationDisplayName>\n" +
"    <md:OrganizationURL xml:lang=\"en\">http://www.arnes.si</md:OrganizationURL>\n" +
"    <md:OrganizationURL xml:lang=\"sl\">http://www.arnes.si</md:OrganizationURL>\n" +
"  </md:Organization>\n" +
"  <md:ContactPerson contactType=\"technical\">\n" +
"    <md:GivenName>myname</md:GivenName>\n" +
"    <md:SurName>myname</md:SurName>\n" +
"    <md:EmailAddress>mailto:myname@gmail.com</md:EmailAddress>\n" +
"  </md:ContactPerson>\n" +
"  <md:ContactPerson contactType=\"administrative\">\n" +
"    <md:GivenName>myname</md:GivenName>\n" +
"    <md:SurName>myname</md:SurName>\n" +
"    <md:EmailAddress>mailto:myname@gmail.com</md:EmailAddress>\n" +
"  </md:ContactPerson>\n" +
"  <md:ContactPerson2 contactType=\"support\">\n" +
"    <md:GivenName>myname</md:GivenName>\n" +
"    <md:EmailAddress>mailto:myname@gmail.com</md:EmailAddress>\n" +
"  </md:ContactPerson2>\n" +
"</md:EntityDescriptor>";

        // validateMetadata does not throw on schema violations; it returns a
        // List<String> of errors. The returned list is discarded here, so the
        // "validation ok" branch runs even when the document is invalid.
        try {
            Saml2Settings.validateMetadata(metadata);
            System.out.println("validation ok");
        } catch (Exception ex) {
            System.err.println("error validating");
        }
    }
}
```

```xml
<dependency>
    <groupId>com.onelogin</groupId>
    <artifactId>java-saml-core</artifactId>
    <version>2.6.0</version>
</dependency>
```
sysmat commented 3 years ago

@mauromol

sysmat commented 3 years ago

@mauromol I think this static method validateMetadata has a bug, or I'm using it wrong.

cpbradb commented 3 years ago

The validateMetadata method (as I use it) checks the metadata generated by the Saml2Settings class, based on the configuration options, against the schema stored in the classpath (checked in at \main\resources\schemas). The problem I was having was that in the Eclipse-built version of the library, the schemas were not being incorporated into the jar file properly. When I switched to using a Maven-built version of the jar, the build config placed them in the proper place in the jar, and it worked. I haven't tried what you are trying to do.

mauromol commented 3 years ago

@sysmat please look at the Javadoc: the validate method is not supposed to throw an exception when there's a validation error.

sysmat commented 3 years ago

Line: 84 | Column: 0 --> Element '{urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson2': This element is not expected. Expected is one of ( {urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson, {urn:oasis:names:tc:SAML:2.0:metadata}AdditionalMetadataLocation ).

sysmat commented 3 years ago

Saml2Settings.validateMetadata returns a list of errors, but in the console I see a [Fatal Error] message; this should be in the list of errors.
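The two failure modes in this thread (a jar built without the schema files, and a caller that wraps validateMetadata in try/catch and never reads the returned list) can both be handled by a small wrapper. The code below is an added example written for this thread, not code from java-saml or from any participant. It assumes the metadata schema is packaged at the classpath path `schemas/saml-schema-metadata-2.0.xsd` (inferred from the `\main\resources\schemas` remark above, not verified against the jar layout) and does not depend on the exact wording of the error strings the library returns, only on whether the list is empty.

```java
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import com.onelogin.saml2.settings.Saml2Settings;

/**
 * Added example (not part of java-saml or of the issue thread): validate SP
 * metadata by reading the list that Saml2Settings.validateMetadata returns,
 * after first checking that the schema the validator needs is on the classpath.
 */
public class MetadataCheck {

    /** Assumed classpath location of the metadata schema (see lead-in). */
    static final String SCHEMA_RESOURCE = "schemas/saml-schema-metadata-2.0.xsd";

    /** A jar built without src/main/resources makes every validation fail with
     *  "Invalid SAML Metadata"; detect that configuration error up front. */
    static boolean schemaOnClasspath() {
        URL url = Thread.currentThread().getContextClassLoader().getResource(SCHEMA_RESOURCE);
        return url != null;
    }

    /** Fail closed: metadata is usable only if the schema is present AND the
     *  validator reports no errors. Callers must treat a non-empty list as a
     *  hard failure; nothing is thrown for schema violations. */
    static List<String> check(String metadata) {
        if (!schemaOnClasspath()) {
            throw new IllegalStateException(
                "SAML metadata schema missing from classpath: " + SCHEMA_RESOURCE);
        }
        return Saml2Settings.validateMetadata(metadata);
    }

    // Constructed samples: minimal schema-valid SP metadata, the same document
    // with an element the schema does not define (as in the thread), and a
    // document that is not well-formed XML at all (the "[Fatal Error]" case,
    // which the library logs from its parser and reports back through the list).
    static final String NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String VALID =
        "<md:EntityDescriptor xmlns:md=\"" + NS + "\" entityID=\"https://sp.example.test/metadata\">"
        + "<md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
        + "<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\""
        + " Location=\"https://sp.example.test/acs\" index=\"1\"/>"
        + "</md:SPSSODescriptor>"
        + "</md:EntityDescriptor>";
    static final String UNKNOWN_ELEMENT =
        VALID.replace("</md:EntityDescriptor>",
            "<md:ContactPerson2 contactType=\"support\"><md:GivenName>x</md:GivenName></md:ContactPerson2>"
            + "</md:EntityDescriptor>");
    static final String NOT_WELL_FORMED = VALID.replace("</md:EntityDescriptor>", "");

    public static void main(String[] args) {
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("valid", VALID);
        samples.put("unknown element", UNKNOWN_ELEMENT);
        samples.put("not well-formed", NOT_WELL_FORMED);

        for (Map.Entry<String, String> e : samples.entrySet()) {
            List<String> errors = check(e.getValue());
            // Expected: the first sample yields an empty list, the other two do not.
            System.out.println(e.getKey() + ": "
                + (errors.isEmpty() ? "valid" : "INVALID " + errors));
        }
    }
}
```

Run it with the java-saml-core dependency from the thread on the classpath. If the schema resource check throws, the problem is the build (the cpbradb case); if the list comes back non-empty, the problem is the document (the sysmat case); wrapping the call in try/catch, as the earlier snippet does, detects neither.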