I'm getting an error message in Novell iManager: "The XML is malformed.
cvc-complex-type.2.4.a: Invalid content was found starting with element
'md:EncryptionMethod'. One of
'{"http://www.w3.org/2000/09/xmldsig#":KeyInfo}' is expected." when I add
this service provider metadata:


<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="https://..."
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAssertionsSigned="true" AuthnRequestsSigned="true">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod
          xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
          Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>...</X509Certificate></X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService isDefault="true" index="0"
        Location="https://.."
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
  <md:Organization>...</md:Organization>
  ....
</md:EntityDescriptor>

What I do in Novell iManager: IdentityServers -> AH DMZ Identity Server
-> New Trusted Provider -> Service Provider -> Source: Metadata Text

The strange thing is that it complains about the lack of an md:KeyInfo element
while it's there with the correct namespace. Any idea why that might be?

If I specify third-party metadata from here:
https://federation.njedge.net/metada...d-metadata.xml it says

"The XML is malformed. cvc-complex-type.2.4.a: Invalid content was found
starting with element 'Organization'. One of
'{"http://www.w3.org/2000/09/xmldsig#":Signature, ... is expected.
"

Looks like it expects some service provider specific metadata file
format, and unfortunately I was unable to find any information about
different formats of SAML 2.0 metadata.


--
YMC
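
An added example, not part of the original post and not Novell/NetIQ code: the SAML 2.0 metadata schema declares md:KeyDescriptor as a sequence of ds:KeyInfo followed by zero or more md:EncryptionMethod elements, which is the order the cvc-complex-type.2.4.a message above enforces. The Python below checks and reorders those children before the metadata is imported; the sample document, its entityID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)
# Schema order for md:KeyDescriptor children: ds:KeyInfo, then md:EncryptionMethod*
RANK = {f"{{{DS}}}KeyInfo": 0, f"{{{MD}}}EncryptionMethod": 1}

# Constructed sample with the same child order as the metadata in the post.
SAMPLE = """<md:EntityDescriptor entityID="https://sp.example.org/"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_key_descriptors(root):
    """Return one message per md:KeyDescriptor whose children break the schema sequence."""
    problems = []
    for i, kd in enumerate(root.iter(f"{{{MD}}}KeyDescriptor")):
        tags = [child.tag for child in kd]
        unknown = [t for t in tags if t not in RANK]
        ranks = [RANK[t] for t in tags if t in RANK]
        if unknown:
            problems.append(f"KeyDescriptor #{i}: unexpected child {unknown[0]}")
        elif ranks.count(0) != 1:
            problems.append(f"KeyDescriptor #{i}: needs exactly one ds:KeyInfo")
        elif ranks != sorted(ranks):
            problems.append(f"KeyDescriptor #{i}: ds:KeyInfo must precede md:EncryptionMethod")
    return problems


def reorder_key_descriptors(root):
    """Stable-sort each md:KeyDescriptor's children into schema order, in place."""
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        kd[:] = sorted(kd, key=lambda c: RANK.get(c.tag, 2))


if __name__ == "__main__":
    tree = ET.fromstring(SAMPLE)
    print(check_key_descriptors(tree))
    reorder_key_descriptors(tree)
    print(ET.tostring(tree, encoding="unicode"))
```

For metadata fetched from a party you do not yet trust, parse with a hardened parser such as defusedxml rather than plain ElementTree.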