[IdP] Trying to import IdP metadata but get Invalid metadata file: no SSO, Issuer or valid

Forge Component
Published on 4 Jul by Telmo Martins

IdP metadata downloaded from local provider CGI at https://m00-mg-local.testidp.funktionstjanster.se/samlv2/idp/metadata

This is a test IdP, but I still don't see what's wrong?

Solution

Hi Mats,

On a quick check of the metadata, the KeyDescriptor node below IDPSSODescriptor should have the property use="signing".

Something like <md:KeyDescriptor use="signing">....


Regards

Solution

Thanks, I'll discuss with the supplier and see if their interpretation of the spec differs. Thank you so much for the fast response!

Actually - the response from our supplier was that this field is not mandatory in the SAML2 spec, and since the certificate in their case is used both for signing and encryption they omit it. Would you consider making it configurable in your implementation?

I'm not blocked by this, since I can set up the IdP manually, but it would be nice to just be able to parse the metadata directly, or even fetch it straight from the source URL?

Hi Mats,

Yes, it's not required; it will be fixed in the next version. Thanks.

As a workaround for the moment, you can add it manually before uploading the file, to avoid doing it manually field by field in the configuration pages.


Regards.
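To make the point of the thread concrete, here is an added example (not the Forge component's code, and not the supplier's metadata) of a small SAML 2.0 IdP metadata parser that extracts the three things the error message names, the SSO endpoint, the Issuer (entityID) and a usable signing certificate, and treats a KeyDescriptor with no `use` attribute as valid for both signing and encryption, which is what the SAML metadata spec allows and what the supplier does. The strict behaviour the component currently has is kept behind a `require_use` switch, so the difference is easy to see. The entityID, endpoint and certificate value in the sample metadata are constructed placeholders.

```python
"""Minimal SAML 2.0 IdP metadata parser (added example, not the component's own code).

Extracts SSO endpoint(s), the Issuer (entityID) and signing/encryption
certificates. The KeyDescriptor `use` attribute is optional: a KeyDescriptor
without it applies to both signing and encryption.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata: entityID, Location and certificate are placeholders.
SAMPLE_METADATA_NO_USE = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/samlv2/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIBexampleCERTIFICATEplaceholder==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/samlv2/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


class InvalidMetadata(ValueError):
    """Raised when the metadata lacks SSO endpoint, Issuer or a signing key."""


def parse_idp_metadata(xml_text: str, require_use: bool = False) -> dict:
    """Parse IdP metadata.

    require_use=True reproduces the strict behaviour discussed in the thread:
    only KeyDescriptors explicitly marked use="signing" count as signing keys.
    require_use=False (spec-conformant) also accepts keys with no `use`.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise InvalidMetadata("root element is not md:EntityDescriptor")

    entity_id = root.get("entityID")  # the Issuer value the SP will compare against
    idp = root.find("md:IDPSSODescriptor", NS)
    if not entity_id or idp is None:
        raise InvalidMetadata("Invalid metadata file: no Issuer or IDPSSODescriptor")

    sso = [
        (e.get("Binding"), e.get("Location"))
        for e in idp.findall("md:SingleSignOnService", NS)
        if e.get("Location")
    ]

    signing_certs, encryption_certs = [], []
    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")  # optional attribute; None means "both purposes"
        cert_el = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert_el is None or not cert_el.text:
            continue
        cert = "".join(cert_el.text.split())  # strip base64 line breaks
        signing_uses = ("signing",) if require_use else (None, "signing")
        if use in signing_uses:
            signing_certs.append(cert)
        if use in (None, "encryption"):
            encryption_certs.append(cert)

    if not sso or not signing_certs:
        raise InvalidMetadata(
            "Invalid metadata file: no SSO, Issuer or valid signing certificate"
        )
    return {
        "entity_id": entity_id,
        "sso": sso,
        "signing_certs": signing_certs,
        "encryption_certs": encryption_certs,
    }


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA_NO_USE))
    try:
        parse_idp_metadata(SAMPLE_METADATA_NO_USE, require_use=True)
    except InvalidMetadata as exc:
        print("strict mode:", exc)
```

With the default setting the sample parses and the same certificate is listed for both signing and encryption; with `require_use=True` the same file is rejected with the error from the thread title. Metadata fetched from a remote URL is untrusted input, so in a real import you would also verify the metadata signature or pin the download to a trusted source before accepting the certificates it carries.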