Digital-Identity-Labs / mdqt

SAML MDQ client with caching and signature verification, file management, entity lists, etc

MDQT doesn't like ADFS metadata with WSFed cruft in it

binaryape opened this issue · comments

```
root@shibt01:/opt/shibboleth-idp/metadata/local# mdqt ln --force *
Error: XML validation failed for xxxxxxxxx.uk.xml:
3:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor', attribute '{http://www.w3.org/2001/XMLSchema-instance}type': The QName value '{http://docs.oasis-open.org/wsfed/federation/200706}ApplicationServiceType' of the xsi:type attribute does not resolve to a type definition.
3:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor': The type definition is abstract.
3:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor', attribute '{http://www.w3.org/2001/XMLSchema-instance}type': The QName value '{http://docs.oasis-open.org/wsfed/federation/200706}SecurityTokenServiceType' of the xsi:type attribute does not resolve to a type definition.
3:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor': The type definition is abstract.
```

The quick fix is to rip out the WSFed lines from the metadata but the best answer is to use the correct schema:

SURFnet/Service-provider-registration#31
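
The quick fix mentioned in the issue, sketched as an added example (not part of the issue and not mdqt code): it removes `RoleDescriptor` elements whose `xsi:type` resolves to the WS-Federation namespace and reports whether the file carries a `ds:Signature`, since any edit to signed metadata invalidates that signature. The names `strip_wsfed` and `SAMPLE` are hypothetical, the sample metadata is constructed, and the code assumes each namespace prefix is bound to a single URI throughout the file.

```python
import io
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
DS = "http://www.w3.org/2000/09/xmldsig#"
FED = "http://docs.oasis-open.org/wsfed/federation/200706"

def strip_wsfed(xml_bytes):
    """Return (cleaned_xml, removed_count, had_signature)."""
    # Collect prefix -> URI bindings so the xsi:type QName can be resolved.
    # Assumption: a prefix is never rebound to a different URI in the file.
    prefixes = {}
    parser = ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns",))
    for _event, (prefix, uri) in parser:
        prefixes[prefix] = uri
    root = parser.root
    removed = 0
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag != f"{{{MD}}}RoleDescriptor":
                continue
            prefix = child.get(f"{{{XSI}}}type", "").rpartition(":")[0]
            if prefixes.get(prefix) == FED:
                parent.remove(child)
                removed += 1
    # An enveloped signature covers the whole entity, so it no longer
    # verifies after the removal; the caller must not treat the output
    # as signed metadata.
    had_signature = next(root.iter(f"{{{DS}}}Signature"), None) is not None
    for prefix, uri in prefixes.items():
        ET.register_namespace(prefix, uri)  # keep the original prefixes
    return ET.tostring(root, encoding="unicode"), removed, had_signature

# Constructed ADFS-style sample, not taken from the issue.
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    entityID="https://adfs.example.org/adfs/services/trust">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

if __name__ == "__main__":
    cleaned, count, signed = strip_wsfed(SAMPLE)
    print(f"removed {count} WS-Fed RoleDescriptor(s); signature present: {signed}")
```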