I'm expecting a next generation SAMLmetaJS to support IdP metadata. I would like to make the SP version of SAMLmetaJS stable before I start with that. It also depends on whether there is interest from real-life projects.
Regarding md:AttributeConsumingService this should now be fixed (in mdreader branch, hopefully merged soon - it's a significant update).
If attributes are selected without a name, a name 'Unnamed' is added.
If name and no attributes are added, the name will survive in the uiinfo element, and therefore the acs element is not added at all.
SAMLmetaJS will allow you to create broken metadata; for example, you may move back and forth between the metadata tab and the info tab, and SAMLmetaJS will create temporary metadata for you even if the entityID has not yet been added.
I'm working on including a metadata validator in SAMLmetaJS, which will show you a list of 'Issues that need to be solved in metadata'. These verification rules will be based on rulesets that may be configured differently from deployment to deployment, as requirements differ. I also plan on making an option for disabling the 'Save' button until all issues with the metadata are solved.
AFAICT, only SP metadata is supported (which is not what this issue is about). If that's true, then the following attributes and elements are REQUIRED in metadata:
/md:EntityDescriptor/@EntityID
/md:EntityDescriptor/md:SPSSODescriptor
/md:EntityDescriptor/md:SPSSODescriptor/@protocolSupportEnumeration
/md:EntityDescriptor/md:SPSSODescriptor/md:AssertionConsumerService
Also, if an /md:EntityDescriptor/md:SPSSODescriptor/md:AttributeConsumingService element is included, then the following two elements are also REQUIRED:
/md:EntityDescriptor/md:SPSSODescriptor/md:AttributeConsumingService/md:ServiceName
/md:EntityDescriptor/md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute
Experiments indicate that most of the above requirements are NOT enforced, which is a bug IMO. The software should never produce incorrect metadata.
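The requirements listed in this issue, written as a small configurable ruleset of the kind the maintainer's comment describes. This is an added example in Python, not SAMLmetaJS code; the function name, rule messages and sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SP = "md:SPSSODescriptor"
ATTR_CS = SP + "/md:AttributeConsumingService"

def _has(path):
    return lambda root: root.find(path, NS) is not None

def _each_attr_cs_has(child):
    # Conditional rule: vacuously true when no AttributeConsumingService exists.
    return lambda root: all(a.find(child, NS) is not None
                            for a in root.findall(ATTR_CS, NS))

# Ruleset kept as data so a deployment can pass its own list of (message, check).
# The SAML metadata schema spells the attribute "entityID".
RULES = [
    ("entityID is missing or empty",
     lambda root: bool((root.get("entityID") or "").strip())),
    ("SPSSODescriptor is missing", _has(SP)),
    ("protocolSupportEnumeration is missing",
     lambda root: all(sp.get("protocolSupportEnumeration")
                      for sp in root.findall(SP, NS))),
    ("AssertionConsumerService is missing",
     _has(SP + "/md:AssertionConsumerService")),
    ("AttributeConsumingService has no ServiceName",
     _each_attr_cs_has("md:ServiceName")),
    ("AttributeConsumingService has no RequestedAttribute",
     _each_attr_cs_has("md:RequestedAttribute")),
]

def validate_sp_metadata(xml_text, rules=RULES):
    """Return unmet requirements; an empty list means saving can be allowed."""
    # Note: for metadata from untrusted parties, parse with a hardened parser.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    return [msg for msg, check in rules if not check(root)]

# Constructed sample: half-edited metadata, as produced while switching tabs.
BROKEN = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Unnamed</md:ServiceName>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for issue in validate_sp_metadata(BROKEN):
        print("issue:", issue)
```

Gating the save action on an empty result is what keeps a consumer from ever receiving metadata without an entityID or an assertion endpoint.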