Anonymous_User Absent Member.

AM can not parse my metadata while adding Trusted Provider


I'm getting an error message in Novell iManager: "The XML is malformed.
cvc-complex-type.2.4.a: Invalid content was found starting with element
'md:EncryptionMethod'. One of
'{"http://www.w3.org/2000/09/xmldsig#":KeyInfo}' is expected." when adding
this service provider metadata:


<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="https://..."
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAssertionsSigned="true" AuthnRequestsSigned="true">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod
          xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
          Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>...</X509Certificate></X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService isDefault="true" index="0"
        Location="https://.."
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
  <md:Organization>...</md:Organization>
  ....
</md:EntityDescriptor>

What I do in Novell iManager: IdentityServers -> AH DMZ Identity Server
-> New Trusted Provider -> Service Provider -> Source: Metadata Text

The strange thing is that it complains about the lack of an md:KeyInfo element
while it's here with the correct namespace. Any idea why it might be?

If I specify third-party metadata from here:
https://federation.njedge.net/metadata/njedge-fed-metadata.xml it says

"The XML is malformed. cvc-complex-type.2.4.a: Invalid content was found
starting with element 'Organization'. One of
'{"http://www.w3.org/2000/09/xmldsig#":Signature, ... is expected."

Looks like it expects some service provider specific metadata file
format, and unfortunately I was unable to find any information about
different formats of SAML 2.0 metadata.


--
YMC
------------------------------------------------------------------------
YMC's Profile: https://forums.netiq.com/member.php?userid=3229
View this thread: https://forums.netiq.com/showthread.php?t=46190
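
An added example, not part of the original posts: the SAML 2.0 metadata schema defines md:KeyDescriptor as a sequence of one ds:KeyInfo followed by zero or more md:EncryptionMethod, so a validator that reports "KeyInfo is expected" at md:EncryptionMethod is consistent with the two children being in the reverse order. The sketch below checks and repairs that order before the metadata is pasted into the identity server; the function names, the entityID and the certificate value are placeholders assumed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
KEYDESC = f"{{{MD}}}KeyDescriptor"
KEYINFO = f"{{{DS}}}KeyInfo"
ENCMETHOD = f"{{{MD}}}EncryptionMethod"

# Constructed sample: same child order as the posted metadata, placeholder values.
SAMPLE = """<md:EntityDescriptor entityID="https://sp.example.org/metadata"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_key_descriptors(root):
    """List schema-order problems in every md:KeyDescriptor under root."""
    problems = []
    for n, kd in enumerate(root.iter(KEYDESC)):
        tags = [child.tag for child in kd]
        if tags.count(KEYINFO) != 1:
            problems.append(f"KeyDescriptor[{n}]: needs exactly one ds:KeyInfo")
        elif tags[0] != KEYINFO:
            problems.append(f"KeyDescriptor[{n}]: ds:KeyInfo must be the first child")
        if any(t not in (KEYINFO, ENCMETHOD) for t in tags):
            problems.append(f"KeyDescriptor[{n}]: unexpected child element")
    return problems


def fix_key_descriptors(root):
    """Move ds:KeyInfo ahead of md:EncryptionMethod in place; return count changed."""
    changed = 0
    for kd in root.iter(KEYDESC):
        children = list(kd)
        ordered = sorted(children, key=lambda c: c.tag != KEYINFO)  # stable sort
        if ordered != children:
            kd[:] = ordered
            changed += 1
    return changed


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print(check_key_descriptors(root))
    print(fix_key_descriptors(root), check_key_descriptors(root))
```

Reordering changes the document bytes, so metadata that carries an XML signature has to be re-signed by its owner after the fix rather than edited locally.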

Anonymous_User Absent Member.

Re: AM can not parse my metadata while adding Trusted Provider

YMC wrote:


> Looks like it expects some service provider specific metadata file
> format, and unfortunately I was unable to find any information about
> different formats of SAML 2.0 metadata.


What version of NAM are you using?

--
Cheers,
Edward
Anonymous_User Absent Member.

Re: AM can not parse my metadata while adding Trusted Provider

YMC,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com

