elerch / SAML2

Fork of SAML2 library on codeplex. This library removes dependencies on Asp.net
Mozilla Public License 2.0

Metadata namespace not added #3

Closed svrooij closed 9 years ago

svrooij commented 9 years ago

It seems like the metadata your package provides does not really follow the standard.

SimpleSamlPHP metadata

Metadata of Owin.Security.Saml

The SimpleSaml implementation seems to use xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" as namespaces. Most elements are prefixed with <md:, like <md:EntityDescriptor ......>. Is this something we could fix in the source? No idea where to start.

Our third party identity provider states that our metadata (from your package) is not correct.

elerch commented 9 years ago

I've seen this happen with poorly implemented verification checks. They don't honor the default namespace in the XML generated (note that the root element contains xmlns="urn:oasis:names:tc:SAML:2.0:metadata"). They then assume that child elements are not namespaced correctly.

The metadata generation code was carried over from the original project and I haven't worked too much with it. While the metadata is valid AFAIK (and the project is being used in production using the metadata generation as is), I'd definitely entertain a PR since I have seen it confuse poorly written IDPs. You'd want to start by looking at the core project in the Saml20MetadataDocument class, ToXml method. From there you'd need to tweak the root namespace on the doc, but there might be ripple effects.
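The point made in the two comments above (a default namespace on the root element puts every child in the SAML metadata namespace just as an md: prefix does, and only a verifier that matches on the literal prefix string sees a difference) can be checked directly. The following is an added example, not code from the Owin.Security.Saml project or from either commenter; both metadata documents are constructed samples, the entityID and URLs are placeholders, and the helpers are hypothetical names chosen here. It also shows the re-serialization with a registered md: prefix that a fix along the lines elerch describes would produce, so the same document can be compared before and after.

```python
"""Added example (not the project's code): default-namespace SAML metadata vs.
md:-prefixed SAML metadata, seen through a namespace-aware parser and through
a broken prefix-string check."""
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: default-namespace form (the shape the issue reporter saw).
DEFAULT_NS_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://sp.example.test/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample: prefixed form (the shape SimpleSAMLphp emits).
PREFIXED_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://sp.example.test/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def qualified_names(xml_text):
    """Namespace-aware view: each element as {namespace-uri}local-name, in document order.
    The prefix (or lack of one) is gone after parsing; only the URI matters."""
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter()]


def namespace_aware_check(xml_text):
    """How a correct verifier identifies the root and its SP role descriptor."""
    root = ET.fromstring(xml_text)
    return (root.tag == f"{{{MD_NS}}}EntityDescriptor"
            and root.find(f"{{{MD_NS}}}SPSSODescriptor") is not None)


def naive_prefix_check(xml_text):
    """Mimics the poorly implemented check elerch describes: it looks for the
    literal 'md:' prefix in the serialized text instead of resolving namespaces,
    so it rejects a perfectly valid default-namespace document."""
    return re.search(r"<md:EntityDescriptor\b", xml_text) is not None


def reserialize_with_prefix(xml_text):
    """Re-emit the same tree with an explicit md: prefix on every metadata element.
    This is what a change at the root namespace of the generated document amounts
    to: identical qualified names, different bytes on the wire."""
    ET.register_namespace("md", MD_NS)
    ET.register_namespace("ds", DS_NS)
    root = ET.fromstring(xml_text)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("default-ns  :", qualified_names(DEFAULT_NS_METADATA))
    print("prefixed    :", qualified_names(PREFIXED_METADATA))
    print("naive check on default-ns :", naive_prefix_check(DEFAULT_NS_METADATA))
    print("naive check on prefixed   :", naive_prefix_check(PREFIXED_METADATA))
    print(reserialize_with_prefix(DEFAULT_NS_METADATA))
```

Both documents yield the same list of qualified names and pass the namespace-aware check; only the prefix-string check distinguishes them. One caveat if the prefix is changed in the generator: re-serializing produces different bytes, so if the metadata is signed (the ds namespace is declared for that purpose) the signature must be computed over the prefixed form, not copied from the old one, because canonicalization of the two forms differs.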