IdP metadata generator appear to be adding extraneous name spaces to the metadata
Fixed
Description
NOTE I want to do some more analysis of this case and so I will assign it to myself. However I am OOF for the next 3 days and I need to capture it now.
I have an IdP which comes from a QuickInstall. The installation process is pretty standard (the MSI grabs some properties and then falls into the ant script). However I am not 100% sure that the Quick installer isn't the core of the problems.
The QI starts with a slightly different template for the self metadata but the first few lines look like this:
<EntityDescriptor entityID="$IDP_ENTITY_ID$"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
Which is fair enough.
Post installation the following is in the idp\metadata directory:
<EntityDescriptor entityID="https://idp.edina.ac.uk/shibboleth"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
And so on. The extra xmlns="urn:oasis:names:tc:SAML:2.0:metadata" (and there are many more where that came from) is odd, but benign.
But it is when I load this from the metadata endpoint that things get truly funky:
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
entityID="https://idp.edina.ac.uk/shibboleth"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
The "xmlns:xmlns" is super illegal and I had the UK Federation's Ops onto my case for giving them illegal metadata...
I don't think that QI is implicated, but as I said at the top I don't have the cycles today to be sure. So I'll take this case for now.
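An added lint, not part of this issue or of the IdP code, that flags both symptoms described above on constructed metadata samples (placeholder entityID, trimmed to the elements that matter): the redundant default-namespace redeclaration the generator wrote to disk, and the reserved-prefix declaration `xmlns:xmlns` served by the endpoint, which a namespace-aware parser such as a federation's tooling rejects outright.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed sample modelled on the file written to idp\metadata: the default
# namespace is needlessly redeclared on the child element (odd but legal).
ON_DISK = """<EntityDescriptor entityID="https://idp.example.org/shibboleth"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns="urn:oasis:names:tc:SAML:2.0:metadata"/>
</EntityDescriptor>"""

# Constructed sample modelled on what the metadata endpoint served: the reserved
# prefix "xmlns" is itself declared, which Namespaces in XML forbids.
SERVED = """<EntityDescriptor entityID="https://idp.example.org/shibboleth"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:xmlns="urn:oasis:names:tc:SAML:2.0:metadata"/>
</EntityDescriptor>"""


def lint_namespace_decls(xml_text):
    """Return [(kind, line, element)]: kind is "illegal" when xmlns:xmlns is
    declared, "redundant" when the in-scope default namespace is redeclared."""
    findings = []
    scope = [None]  # stack of in-scope default-namespace URIs, one per open element
    # Namespace processing stays off so attribute names arrive raw ("xmlns:xmlns")
    # instead of the parser rejecting the document before we can report on it.
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        default = scope[-1]
        for aname, value in attrs.items():
            if aname == "xmlns:xmlns":
                findings.append(("illegal", parser.CurrentLineNumber, name))
            elif aname == "xmlns":
                if value == scope[-1]:
                    findings.append(("redundant", parser.CurrentLineNumber, name))
                default = value
        scope.append(default)

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: scope.pop()
    parser.Parse(xml_text, True)
    return findings


def parses_with_namespaces(xml_text):
    """True if a namespace-aware parser (expat via ElementTree) accepts the document."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False
```

Run the lint over the generator's output before publishing it: the on-disk sample yields one "redundant" finding and still parses, while the served sample yields an "illegal" finding and fails to parse at all.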