italia / spid-sp-test

SAML2 SPID/CIE Service Provider validation tool
European Union Public License 1.2

[Metadata] Mysterious non-unique ContactPerson constraint check failure #125

Closed longstoned closed 2 years ago

longstoned commented 2 years ago

Hi,

not a Python expert at all, firstly. I am experiencing a strange validation error, possibly related to the line in [1], but I am confused. For v. 1.1.5 of spid_sp_test I am getting the following:

ERROR:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: Only one ContactPerson element of contactType "other" MUST be present
ERROR:spid_sp_test.metadata:Only one ContactPerson element of contactType "other" MUST be present

for a pub-ag-full SP with this kind of structure (Contacts section, edited here):

<md:ContactPerson contactType="other" spid:entityType="spid:**aggregator**">
        <md:Extensions>
                <spid:VATNumber>IT02770800000</spid:VATNumber>
                <spid:PublicServicesFullAggregator/>
        </md:Extensions>
        <md:Company>myCompany Ltd</md:Company>
        <md:EmailAddress>support@mycompany.it</md:EmailAddress>
</md:ContactPerson>
<md:ContactPerson contactType="other" spid:entityType="spid:**aggregated**">
        <md:Extensions>
                <spid:IPACode>COM678</spid:IPACode>
                <spid:Public/>
        </md:Extensions>
        <md:Company>Comune di Topolinia</md:Company>
</md:ContactPerson>

This structure should be supported and not error-flagged... Actually I identified [1] but I am NOT entirely convinced the problem is there (supposing my XML metadata is fine).. because the function definition uses (apparently...) some default parameter values, here's the signature: def test_Contacts_PubPriv(self, contact_type="other", entity_type="")

and entityType..seems to be set correctly... which makes me wonder.. why is the Xpath/code triggering the error? Seems like.. this section is triggered:

if not entity_type:
    self._assertTrue(
        len(entity_desc) == 1,
        "Only one ContactPerson element of contactType "
        f'"{contact_type}" MUST be present',
        test_id = ['1.10.0'], **_data,
    )

which.. looks impossible if I understand correctly the call from [1]... Also strange... immediately following [1] there's another call with another entityType.. so.. I would expect 2 (two) errors... (one for aggregated and one for aggregator)..

Is this XML structure really incorrect? Or is there some.. ghost call around, or I don't know exactly how to say it.

Thank you.

Diego

[1] https://github.com/italia/spid-sp-test/blob/58afa3fa0b3dd1a3f7accbb085975943c1e31588/src/spid_sp_test/metadata.py#L962

peppelinux commented 2 years ago

Hi @longstoned

Can you share the spid-sp-test command you used? Do you configure the correct --profile for soggetto aggregatore?

longstoned commented 2 years ago

Hi @peppelinux :)

Hmm.. no --profile issued, so possibly my bad. I just used spid_sp_test --metadata-url as in some examples and got many constraint checks performed, with final output summary as below. Actually, I don't see any --profile option via spid_sp_test -h (on 1.1.5)

Summary: Spid QA: executed 127 tests, 1 failed. 0 warnings.

peppelinux commented 2 years ago

See -h and configure the right profile for your SP

longstoned commented 2 years ago

ohhh I see... There's a -pr option which also has --profile, but it's quite a bit hidden after all the possible values

Summary now (with --profile spid-sp-ag-public-full )

Spid QA: executed 135 tests, 0 failed. 0 warnings.

Thanks a lot @peppelinux
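A simplified model of the behaviour resolved in this thread, as an added example that is not spid-sp-test's own code: counting contactType="other" contacts with no entityType filter finds two and fails the "only one" rule, while counting per spid:entityType finds exactly one each. The helper names, the SPID extensions namespace URI, the entityID and the sample document are assumptions; the sample is constructed from the Contacts section quoted in the first post, with the emphasis markers removed.

```python
import xml.etree.ElementTree as ET

# SAML metadata namespace is standard; the SPID extensions URI is assumed here.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "spid": "https://spid.gov.it/saml-extensions"}
ENTITY_TYPE = "{%s}entityType" % NS["spid"]

# Constructed sample modelled on the Contacts section quoted in the issue.
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:spid="https://spid.gov.it/saml-extensions" entityID="https://sp.example.org">
  <md:ContactPerson contactType="other" spid:entityType="spid:aggregator">
    <md:Extensions><spid:VATNumber>IT02770800000</spid:VATNumber>
      <spid:PublicServicesFullAggregator/></md:Extensions>
    <md:Company>myCompany Ltd</md:Company>
    <md:EmailAddress>support@mycompany.it</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="other" spid:entityType="spid:aggregated">
    <md:Extensions><spid:IPACode>COM678</spid:IPACode><spid:Public/></md:Extensions>
    <md:Company>Comune di Topolinia</md:Company>
  </md:ContactPerson>
</md:EntityDescriptor>"""


def count_contacts(root, contact_type="other", entity_type=""):
    """Count ContactPerson elements, optionally narrowed by spid:entityType."""
    contacts = [c for c in root.findall("md:ContactPerson", NS)
                if c.get("contactType") == contact_type]
    if entity_type:
        contacts = [c for c in contacts if c.get(ENTITY_TYPE) == entity_type]
    return len(contacts)


def check_contacts(xml_text, entity_types=("",)):
    """Return one error string per entity_type whose count is not exactly 1."""
    root = ET.fromstring(xml_text)
    errors = []
    for et in entity_types:
        n = count_contacts(root, entity_type=et)
        if n != 1:
            label = et or "(no entityType filter)"
            errors.append(f'expected 1 ContactPerson "other" for {label}, found {n}')
    return errors


if __name__ == "__main__":
    print("unfiltered check:", check_contacts(METADATA))
    print("per-entityType check:", check_contacts(
        METADATA, ("spid:aggregator", "spid:aggregated")))
```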