Contrib.social

Invalid SP metadata: invalid_xml

Open on Drupal.org β†’
Created on 2 February 2023, over 1 year ago
Updated 26 September 2023, 9 months ago

Problem/Motivation

I am trying to get the module to return the xml metadata to give to my Identity Provider

Steps to reproduce

On the /admin/config/people/saml page for configuring the module, I filled in the fields based on https://git.drupalcode.org/project/samlauth/-/blob/8.x-3.x/README.md.

1) In the SERVICE PROVIDER section of /admin/config/people/saml, I provided:

Entity ID: my site url, in the format of [https://mysite.com]

Type of values to save for the key/certificate: File

- I provided the paths to the Private Key filename and the X.509 Certificate Filename stored on the server

- I have no idea what should be given for New X.509 Certificate filename

2) In the IDENTITY PROVIDER section of /admin/config/people/saml, I provided:

Entity ID: https://saml.example.com/entityid (no matter what I put here, I still received the Invalid SP metadata: invalid_xml error)

Single Sign On Service: https://mocksaml.com/saml/login (no matter what I put here, I still received the Invalid SP metadata: invalid_xml error)

Single Logout Service: https://mocksaml.com/api/saml/sso (no matter what I put here, I still received the Invalid SP metadata: invalid_xml error)

3) When I go to /saml/metadata to retrieve the xml metadata, I get the following response:

Invalid SP metadata: invalid_xml

4) Where can I find where this error is logged, and how can I resolve it?

Proposed resolution

πŸ’¬ Support request
Status

Fixed

Version

3.8

Component

User interface

Created by

πŸ‡ΊπŸ‡ΈUnited States minkahb

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 12 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States rbrandon

    Same issue, @minkahb did you find the issue before I dig through the code?

  • Comment 12 months ago β†’
    πŸ‡³πŸ‡±Netherlands roderik Amsterdam,NL / Budapest,HU

    The "invalid_xml" error comes from the SAML Toolkit library, which we treat as a black box. (The "Invalid SP metadata: " prefix is added in SamlService::getMetadata().)

    It's Utils::validateXML() which actually does have access to more detailed errors... but it just echo/syslogs them, instead of returning them.

    Maybe getMetadata() can be extended to do the same: check if $errors contains simply 'invalid_xml', and if so, add the libxml_get_errors()->messages into $errors before throwing the exception.

  • Comment 9 months ago β†’
    System Message
    • roderik β†’ committed 9ee7bcc3 on 8.x-3.x 
      Issue #3338701" for 'invalid_xml' error, log XML errors and add ?check=0...
  • Status changed to Fixed 9 months ago
  • Comment 9 months ago β†’
    πŸ‡³πŸ‡±Netherlands roderik Amsterdam,NL / Budapest,HU

    Since I was tinkering, I added some logs. The error is now:

    Invalid SP metadata: invalid_xml, detailed XML errors are logged, add ?check=0 to see the invalid metadata.

    So then you can see the invalid metadata with /saml/metadata?check=0 and the errors in the Drupal log.

    The only way I see to get an 'invalid_xml' error, so far, has been to add a file containing invalid text contents for the key/certificate. If this is the case, then you'll need to figure out by yourself that these contents are invalid, from seeing the XML / cryptic logged error.

    But it's better than it was. So for now, I'm setting "fixed".

  • Comment 9 months ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024