SingleLogoutServiceBinding Type Not in Default Enumeration

When I imported the metadata from a service provider we’re testing against, it included:


It looks like the default schema for saml.config only contains enumeration values for HTTP-POST and HTTP-Redirect, so I get a SAMLSchemaValidationException with the following warning:

The ‘SingleLogoutServiceBinding’ attribute is invalid - The value ‘urn:oasis:names:tc:SAML:2.0:bindings:SOAP’ is invalid according to its datatype ‘urn:componentspace:SAML:2.0:configuration:SAMLBindingType’ - The Enumeration constraint failed.

How do I go about overriding the default schema or otherwise getting the SOAP binding into that enumeration?



The saml.config and the corresponding SAML high-level API do not support the SOAP binding.
The SOAP binding is rarely used as it requires a back-channel to be opened between the IdP and SP.
If you wish to support SOAP then you would need to revert to our SAML low-level API which supports this binding.
Otherwise, if SOAP support isn’t required, please remove it from the metadata being imported.
We intend on making metadata import easier in a future release. This will include more graceful handling of unsupported bindings.

Good deal, thanks for the reply. In looking at the metadata, it actually includes a number of SingleLogoutService elements with various bindings. The Importer must have just taken SOAP because it was first, but there were HTTP-POST and HTTP-Redirect entries in there as well. Phew!

Thanks again!


You’re welcome.
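
The reply above suggests removing the unsupported SOAP binding from the metadata before it is imported, and the follow-up notes that the same metadata also carried HTTP-POST and HTTP-Redirect logout endpoints. The Python script below is an added example (not ComponentSpace code and not from the thread) that performs that filtering; the function name `strip_unsupported_slo`, the entity ID and the endpoint URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SLO_TAG = f"{{{MD_NS}}}SingleLogoutService"
# The two bindings the thread says the saml.config schema enumerates.
SUPPORTED = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

# Constructed sample metadata; entity ID and locations are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp.example.test/slo/soap"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/slo/post"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp.example.test/slo/redirect"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def strip_unsupported_slo(metadata_xml):
    """Drop SingleLogoutService endpoints whose Binding is not in SUPPORTED.

    Returns (filtered_xml, removed_bindings). Editing the document breaks any
    XML signature over it, so verify signed metadata before calling this and
    treat the output as a local, unsigned copy.
    """
    ET.register_namespace("md", MD_NS)  # keep the md: prefix on output
    root = ET.fromstring(metadata_xml)
    removed = []
    # Snapshot the tree first so removals do not disturb the traversal.
    for parent in list(root.iter()):
        endpoints = [child for child in parent if child.tag == SLO_TAG]
        if not endpoints:
            continue
        if not any(e.get("Binding") in SUPPORTED for e in endpoints):
            # Stripping would silently leave this role with no logout endpoint.
            raise ValueError("no supported SingleLogoutService binding present")
        for endpoint in endpoints:
            if endpoint.get("Binding") not in SUPPORTED:
                removed.append(endpoint.get("Binding"))
                parent.remove(endpoint)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    filtered, dropped = strip_unsupported_slo(SAMPLE)
    print("removed:", dropped)
    print(filtered)
```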