Error unmarshalling message from input stream: Saw invalid child element

Invalid

Description fields

Basics

Logistics

Basics

Logistics

Description

When the IDP receives this assertiong

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_586F73FDE97507F6F207F1D13CAEA6B7"
                    Version="2.0"
                    IssueInstant="2024-11-05T12:04:27Z"
                    Destination="https://idp.cirad.fr/idp/profile/SAML2/POST/SSO"
                    ForceAuthn="false"
                    IsPassive="false"
                    >
    <saml:Issuer>https://humanid.huma-num.fr/saml/metadata</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="#_586F73FDE97507F6F207F1D13CAEA6B7">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>vbgoPvSlFyruz4/eS2brwCwd++M=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>knXGZI61QMxmrGQhjlOJlQRB5xWK16zfhOosLTBSGJ/MqKOFKYe4+3T6dNWrLSqN
IHzPhGsBc660eT3ls/fLcAktq3S99rxpWvwROmlbDL3rnDFNVohqZsEM9TbrqtQM
SW51Jo2qYOCsF3FffNJaQiJ8hp2bYGXrxwlBM+LJF7EWV0EdoHAob0aeUoSdP4Re
59eJPCNPwfiLbLB4gxfY1ncxzUC+T9PkxrAqAEH0FVYUCMF4/3Gsq6maSlvnlW8d
CsliHblDl8R3dk9XeaZG3xcTthKItE+QlebcZhonNiPGLKwlYNwz+u7wq9zVOM7u
tHync12Oq0JwGc79Vb3ELA==</SignatureValue>
        <KeyInfo>
            <KeyValue>
                <RSAKeyValue>
                    <Modulus>
uJFCPJswuZVZoEB9n/hv8stuMVo36XTV8yg418n4UHwRjySDiUOMOMgSpPxSc9Ft
N26NPa7Y6Q8T/DkxHAGWvk6pvAyaU0lqLt6dzFId0PjkGy3rtea53Q30jSLFjv1p
dfqMIb441ZHjcpiq6ZEj03i30I8hicUYP2hYWShNfBgbWoLygh2Gb6PtGSvC+igi
pFAglAR/8eZJdgGPGJ4Ab0C2+FzAIyrDXnOSfhkZEUKkfnp7wOcTkSoRt6msOLFD
aW4KxSm4evsc5S+/NRUmeBxd0NQFPrq78IuzDA049W9Zjs6j3130pXe42cF9V7z0
BKEToTKYpyRYLkDFi+K5FQ==
</Modulus>
                    <Exponent>
AQAB
</Exponent>
                </RSAKeyValue>
            </KeyValue>
        </KeyInfo>
    </Signature>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        AllowCreate="true"
                        />
    <saml:Conditions>
        <saml:ProxyRestriction>
            <saml:Audience>https://idp.cirad.fr/idp/shibboleth</saml:Audience>
            <saml:Count>0</saml:Count>
        </saml:ProxyRestriction>
    </saml:Conditions>
</samlp:AuthnRequest>

it throws this exception

2024-11-05 09:27:54,802 - 172.20.0.1 - ERROR [org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder:137] - Error unmarshalling message from input stream: Saw
 invalid child element {urn:oasis:names:tc:SAML:2.0:assertion}Count on parent {urn:oasis:names:tc:SAML:2.0:assertion}ProxyRestriction

That work with IDP v4.3

Best regards,

Fred

Environment

None

Activity

Scott Cantor

November 5, 2024 at 1:29 PM

Rod Widdowson

November 5, 2024 at 1:25 PM

Resize work item view side panel

Details

Assignee

Scott Cantor

Reporter

Frédéric MAZZINI

Components

SAML2

Affects versions

5.1.3

Created November 5, 2024 at 12:08 PM

Updated November 5, 2024 at 1:30 PM

Resolved November 5, 2024 at 1:30 PM

Error unmarshalling message from input stream: Saw invalid child element

Description

Environment

Scott Cantor

Rod Widdowson

Details

Assignee

Reporter

Components

Affects versions

Flag notifications

Something's gone wrong