SAML metadata validation issue in all 4.x instances
Environment:
gluu-server-4.1.0-centos7 (confirmed both for WrenDS and Couchbase, also confirmed for 4.0, and supposedly for 3.1.6 (according to Zico)).
Description:
Any new SAML TR doesn’t pass validation, and previously existing TRs get broken if their metadata is updated. Somehow that doesn’t prevent the IDP from functioning (i.e. SAML flows for all affected TRs seem to work), but this potentially may have further implications on existing setups.
Steps to reproduce:
- Create a SAML TR for any SP (samltest.id will do)
- Wait till validation fails and open its properties page to see the detailed cause
Result:
TR doesn’t pass validation and error text like this is seen on its page:
src-resolve: Cannot resolve the name 'resolver:BasePrincipalConnectorType' to a(n) 'type definition' component.
Error of schema creating
Warning: cannot validate metadata. Check internet connetion ans www.w3.org availability.
Warning: Error of schema creating
Warning: src-resolve: Cannot resolve the name 'resolver:BasePrincipalConnectorType' to a(n) 'type definition' component.
Next Java error trace appears in oxtrust.log: link
Issue Analytics
- State:
- Created 4 years ago
- Comments:24 (6 by maintainers)
to tterrag109: rename your identity.war in /opt/gluu-server/opt/gluu/jetty/identity/webapps to identity.war.bak, download https://ox.gluu.org/maven/org/gluu/oxtrust-server/4.1.1.Final/oxtrust-server-4.1.1.Final.war and rename it identity.war, then do service identity restart. The schema error will be gone and Validation status should change to green Success.
For further assistance, open ticket / continue conversation in support.gluu.org ticket.
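
One way to script the WAR swap described in the comment above, as an added example that is not part of the original thread or Gluu's own tooling: it checks the download before touching the deployed file and keeps the old build as identity.war.bak. The function name `replace_war` and the `EXPECTED_SHA256` variable are assumptions; the page publishes no checksum, so that value has to come from a source the operator trusts.

```shell
#!/bin/sh
# Added example (not from the thread): replace identity.war only after the
# downloaded file passes basic integrity checks, keeping a .bak for rollback.

# replace_war NEW_WAR WEBAPPS_DIR EXPECTED_SHA256
# Returns 0 after a successful swap; on any non-zero return the deployed
# identity.war has not been modified.
replace_war() {
    new_war=$1; webapps=$2; expected=$3
    current="$webapps/identity.war"

    [ -s "$new_war" ] || { echo "new WAR missing or empty" >&2; return 2; }
    [ -f "$current" ] || { echo "no identity.war in $webapps" >&2; return 3; }

    # A WAR is a ZIP archive, so it must start with "PK". This catches an
    # HTML error page that was saved under the .war name.
    magic=$(head -c 2 "$new_war")
    [ "$magic" = "PK" ] || { echo "not a ZIP/WAR archive" >&2; return 4; }

    # Compare against the operator-supplied digest (assumption: obtained
    # out of band; none is given on this page).
    actual=$(sha256sum "$new_war" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch" >&2; return 5; }

    # Keep the old build for rollback, then install the new one via a
    # temporary name so a failed copy never leaves a truncated identity.war.
    cp -p "$current" "$current.bak" || return 6
    if ! cp "$new_war" "$current.tmp" || ! mv "$current.tmp" "$current"; then
        rm -f "$current.tmp"
        return 7
    fi
    return 0
}

# Usage with the path and URL from the comment (left commented out so the
# block can be sourced safely; EXPECTED_SHA256 is a placeholder variable):
#   curl -fsSLo /tmp/new.war \
#     https://ox.gluu.org/maven/org/gluu/oxtrust-server/4.1.1.Final/oxtrust-server-4.1.1.Final.war
#   replace_war /tmp/new.war /opt/gluu-server/opt/gluu/jetty/identity/webapps \
#     "$EXPECTED_SHA256" && service identity restart
```

To roll back, copy identity.war.bak over identity.war and restart the identity service again.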