italia / spid-sp-test

SAML2 SPID/CIE Service Provider validation tool
European Union Public License 1.2

CIE public SP metadata validation - VATNumber not recognized? #115

Open lscorcia opened 2 years ago

lscorcia commented 2 years ago

CIE SP metadata description at https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/federazione.html#informazioni-di-censimento-e-contatto mentions the VATNumber and FiscalCode attributes as mandatory for private SPs and optional for public ones. However when running spid_sp_test --metadata-url https://sso.mise.gov.it/sso-metadata/metadata-cieid --profile cie-sp-public I get the following error:

[image: error output]

I guess either the XSD is missing those attributes or the mentioned specs are obsolete.

peppelinux commented 2 years ago

Ciao @lscorcia

from a quick look it seems to me that the problem is that you inserted the element vatnumber or fiscalnumber in a wrong position. Unfortunately the XSD schema is very rigid on the position of the elements. If it is this we could update the manual in this regard. Let us know if it comes back to you

lscorcia commented 2 years ago

Well, the ##other directive would probably allow them if I put them at the end, but looking at the XSD file it seems like there are other differences to the published spec:

https://github.com/italia/spid-sp-test/blob/512a5beb38660d35d8c950737e73c7156b3ef53a/src/spid_sp_test/xsd/cie/cie.xsd#L27-L34

This leads me to think that maybe it's a copy/paste mistake in the XSD. The elements definition in the private section should actually be in the public one, and the private one should be corrected with minOccurs="1".

peppelinux commented 2 years ago

We're waiting for a PR from the authors of the XSD file

PiemP commented 2 years ago

I hope this is the right way to report it. I have a similar issue on the NACE2Code tag:

ERROR:spid_sp_test.metadata:Test https://host.docker.internal:5001/metadata-cie/metadata.xml with saml-schema-metadata-sp-cie.xsd: failed validating <Element '{urn:oasis:names:tc:SAML:2.0:metadata}Extensions' at 0x7f7ae29af630> with XsdGroup(model='sequence', occurs=[1, 1]):

Reason: Unexpected child with tag 'cie:NACE2Code' at position 4. Tag 'cie:Municipality' expected.

Schema:

  <complexType xmlns="http://www.w3.org/2001/XMLSchema" name="ContactPersonSPExtensionType">
      <sequence>
          <choice>
              <group ref="cie:PublicGroup" maxOccurs="1" />
              <group ref="cie:PrivateGroup" maxOccurs="1" />
          </choice>
          <element ref="cie:Municipality" minOccurs="1" maxOccurs="1" />
          <element ref="cie:Province" minOccurs="0" maxOccurs="1" />
          <element ref="cie:Country" minOccurs="0" maxOccurs="1" />
          <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
      </sequence>
  </complexType>

Instance:

  <md:Extensions xmlns:cie="https://www.cartaidentita.interno.gov.it/saml-extensions" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:p7="http://www.w3.org/2001/XMLSchema-instance"><cie:Public p7:type="q1:string" /><cie:IPACode>codiceIPA_SP</cie:IPACode><cie:IPACategory>categoriaIPA_SP</cie:IPACategory><cie:NACE2Code>CODICE_ATECO</cie:NACE2Code><cie:Municipality>CODICE_ISTAT_SEDE</cie:Municipality><cie:Country>IT</cie:Country></md:Extensions>

Path: /md:EntityDescriptor/md:ContactPerson[1]/md:Extensions

ERROR:spid_sp_test.metadata:Test https://host.docker.internal:5001/metadata-cie/metadata.xml with saml-schema-metadata-sp-cie.xsd

I believe the order is correct but spid-sp-test gives me this error. I believe it's necessary to fix the definition of the NACE2Code tag to mark its maxOccurs as unbounded according to this definition https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/federazione.html#informazioni-di-censimento-e-contatto.
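To make the ordering rule behind that error concrete, here is an added example (not code from spid-sp-test or from the xmlschema library) that replays the md:Extensions instance quoted above against a hand-written sequence model using only the Python standard library. The expansion of cie:PublicGroup into Public/IPACode/IPACategory, and the placement of NACE2Code in the corrected model, are assumptions made for illustration; the Municipality/Province/Country tail and the ##other wildcard follow the schema fragment quoted in the comment.

```python
import xml.etree.ElementTree as ET

CIE = "https://www.cartaidentita.interno.gov.it/saml-extensions"
UNBOUNDED = float("inf")

# Instance copied from the error output in the issue (placeholder values such
# as codiceIPA_SP are the reporter's own); the xsi:type attribute is dropped.
INSTANCE = (
    f'<md:Extensions xmlns:cie="{CIE}" '
    'xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
    '<cie:Public/><cie:IPACode>codiceIPA_SP</cie:IPACode>'
    '<cie:IPACategory>categoriaIPA_SP</cie:IPACategory>'
    '<cie:NACE2Code>CODICE_ATECO</cie:NACE2Code>'
    '<cie:Municipality>CODICE_ISTAT_SEDE</cie:Municipality>'
    '<cie:Country>IT</cie:Country></md:Extensions>'
)

# ContactPersonSPExtensionType, public branch of the <choice>, as
# (localname, minOccurs, maxOccurs). The tail is the schema quoted above; what
# cie:PublicGroup expands to is an ASSUMPTION made here for illustration.
TAIL = [("Municipality", 1, 1), ("Province", 0, 1), ("Country", 0, 1)]
MODEL_BEFORE = [("Public", 1, 1), ("IPACode", 1, 1), ("IPACategory", 1, 1)] + TAIL
# Shape of the fix described in the thread: NACE2Code accepted, repeatable.
MODEL_AFTER = MODEL_BEFORE[:3] + [("NACE2Code", 0, UNBOUNDED)] + TAIL


def split_tag(tag):
    """'{ns}local' -> (ns, local); unqualified tags get an empty namespace."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)


def validate_extensions(xml_text, model):
    """Greedy left-to-right match of md:Extensions children against a
    <sequence> model, then the ##other wildcard: whatever is left must live
    outside the cie namespace. Returns None if valid, else an xmlschema-style
    reason string like the one in the issue."""
    kids = [split_tag(c.tag) for c in ET.fromstring(xml_text)]
    i = 0
    for name, lo, hi in model:
        n = 0
        while i < len(kids) and kids[i] == (CIE, name) and n < hi:
            i, n = i + 1, n + 1
        if n < lo:  # required particle not satisfied: report what we saw instead
            got = f"cie:{kids[i][1]}" if i < len(kids) else "end of content"
            return (f"Unexpected child with tag '{got}' at position {i + 1}. "
                    f"Tag 'cie:{name}' expected.")
    for ns, local in kids[i:]:  # ##other: lax, but not the target namespace
        if ns == CIE:
            return f"Unexpected child with tag 'cie:{local}' at position {i + 1}."
        i += 1
    return None
```

With MODEL_BEFORE the function reproduces the exact reason string from the issue; with MODEL_AFTER the same instance (and one with several NACE2Code elements) passes, while a cie element moved after Country is still rejected because ##other does not cover the schema's own namespace.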

peppelinux commented 2 years ago

The PR below solves this issue https://github.com/italia/spid-sp-test/pull/148

PiemP commented 2 years ago

Well, the ##other directive would probably allow them if I put them at the end, but looking at the XSD file it seems like there are other differences to the published spec:

  • For private SPs, FiscalCode and VATNumber are marked as minOccurs="0", while they should be present exactly once:

https://github.com/italia/spid-sp-test/blob/512a5beb38660d35d8c950737e73c7156b3ef53a/src/spid_sp_test/xsd/cie/cie.xsd#L27-L34

  • For public SPs, the elements as described in the code above would be correct.

This leads me to think that maybe it's a copy/paste mistake in the XSD. The elements definition in the private section should actually be in the public one, and the private one should be corrected with minOccurs="1".

I'm sorry, probably my comment has created some misunderstanding. The PR #148 solves the definition of the NACE2Code element but the ContactPerson item remains wrong. The choice tag in the XSD allows only one of the two elements between PublicGroup and PrivateGroup: but a PA could have a FiscalCode or a VATNumber or an ATECO code (NACE2Code tag). If you want I could make a PR for you.

peppelinux commented 2 years ago

Yes please

peppelinux commented 1 year ago

Hi, the new XSD files shared by our colleagues at IPZS have been updated in this release https://github.com/italia/spid-sp-test/releases/tag/v1.2.11 Is this problem still present after this update?

PiemP commented 1 year ago

Hi, the new XSD files shared by our colleagues at IPZS have been updated in this release https://github.com/italia/spid-sp-test/releases/tag/v1.2.11 Is this problem still present after this update?

Seems like a big change with a lot of potential issues:

Probably I need to test it before saying that, but I'm close to my Christmas vacation. I don't know when I can test it.