SAML metadata validation issue in all 4.x instances

Environment:

gluu-server-4.1.0-centos7 (confirmed both for WrenDS and Couchbase, also confirmed for 4.0, and supposedly for 3.1.6 (according to Zico)).

Description:

Any new SAML TR doesn’t pass validation, and previously existing TRs get broken if their metadata is updated. Somehow that doesn’t prevent the IDP from functioning (i.e. SAML flows for all affected TRs seem to work), but this may potentially have further implications for existing setups.

Steps to reproduce:

  1. Create a SAML TR for any SP (samltest.id will do)

  2. Wait until validation fails, then open its properties page to see the detailed cause

Result:

TR doesn’t pass validation and error text like this is seen on its page:

src-resolve: Cannot resolve the name 'resolver:BasePrincipalConnectorType' to a(n) 'type definition' component.
Error of schema creating
Warning: cannot validate metadata. Check internet connetion ans www.w3.org availability.
Warning: Error of schema creating
Warning: src-resolve: Cannot resolve the name 'resolver:BasePrincipalConnectorType' to a(n) 'type definition' component.

The following Java error trace appears in oxtrust.log: link

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 24 (6 by maintainers)

Top GitHub Comments

1 reaction
philzyk commented, Mar 24, 2020

To tterrag109: rename your identity.war in /opt/gluu-server/opt/gluu/jetty/identity/webapps to identity.war.bak, download https://ox.gluu.org/maven/org/gluu/oxtrust-server/4.1.1.Final/oxtrust-server-4.1.1.Final.war and rename it identity.war, then do service identity restart. The schema error will be gone and the Validation status should change to green Success.

0 reactions
mzico commented, Apr 4, 2020

For further assistance, open ticket / continue conversation in support.gluu.org ticket.
