Mahara throws 'Badly formated SAML' error even though the metadata is valid

Bug #1885957 reported by Kristina Hoeppner
This bug affects 1 person
Affects: Mahara
Status: Fix Released
Importance: High
Assigned to: Robert Lyon
Milestone:

Bug Description

It would be good to investigate what SAML metadata we allow. Recently, when we updated an IdP, the error for 'badly formatted SAML' was thrown even though the IdP metadata was valid.

The old metadata that worked. Displayed is only the pertinent part that needed to be retained to work:

---
<EntityDescriptor
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
  xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
  xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"
  entityID="https://URLDISGUISDED">
<Extensions>
---

The equivalent of the new metadata that wouldn't work:

---
<EntityDescriptor entityID="https://URLDISGUISDED">
<Extensions>
---

The new metadata doesn't contain any of the xmlns values and the xsi value.

Tags: auth saml sso
tags: added: saml sso
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11264

Changed in mahara:
status: Confirmed → In Progress
assignee: nobody → Robert Lyon (robertl-9)
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11264
Committed: https://git.mahara.org/mahara/mahara/commit/582e998a7bf5341a743b17ee9d6de168903cece8
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 582e998a7bf5341a743b17ee9d6de168903cece8
Author: Robert Lyon <email address hidden>
Date: Mon Sep 14 13:06:49 2020 +1200

Bug 1885957: Check SAML XML to see if namespace declarations are met

If the SAML metadata for the IdP contains namespaced content we need
to make sure that the declarations for those namespaces are met either
within the <EntityDescriptor> tag or within child content itself

Change-Id: I4de5f721fc81dc69238ee48d3b8563e78c710737
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
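
The check the commit message describes, as an added example in Python (not Mahara's PHP code and not taken from the merged patch): it reports every prefix used in IdP metadata that has no xmlns declaration on the element itself or on an ancestor. The function name and the sample documents, including the shibmd:Scope child and the idp.example.org entityID, are constructed for illustration.

```python
import xml.parsers.expat

RESERVED = {"xml", "xmlns"}  # bound by the XML spec, never declared


def undeclared_prefixes(metadata: str) -> set:
    """Prefixes used on element or attribute names that have no
    xmlns:prefix declaration on the same element or an ancestor."""
    scopes = [set(RESERVED)]  # stack of prefixes in scope per depth
    missing = set()

    def start(name, attrs):
        declared = {k[6:] for k in attrs if k.startswith("xmlns:")}
        in_scope = scopes[-1] | declared
        scopes.append(in_scope)
        # Check the element name and every attribute name. Declarations
        # themselves carry the reserved "xmlns" prefix, so they pass.
        for qname in [name, *attrs]:
            prefix, sep, _ = qname.partition(":")
            if sep and prefix not in in_scope:
                missing.add(prefix)

    def end(name):
        scopes.pop()  # declarations stop applying outside their element

    # Without a namespace_separator expat does no namespace processing,
    # so an unbound prefix is reported here instead of aborting the parse.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(metadata, True)
    return missing


# Constructed samples: declarations on the root, nowhere, or on the child.
NONE_DECLARED = (
    '<EntityDescriptor entityID="https://idp.example.org"><Extensions>'
    '<shibmd:Scope regexp="false">example.org</shibmd:Scope>'
    '</Extensions></EntityDescriptor>')
DECL = ' xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"'
ROOT_DECLARED = NONE_DECLARED.replace(
    "<EntityDescriptor", "<EntityDescriptor" + DECL, 1)
CHILD_DECLARED = NONE_DECLARED.replace(
    "<shibmd:Scope", "<shibmd:Scope" + DECL, 1)

if __name__ == "__main__":
    for label, doc in [("root", ROOT_DECLARED), ("none", NONE_DECLARED),
                       ("child", CHILD_DECLARED)]:
        print(label, sorted(undeclared_prefixes(doc)) or "ok")
```

A namespace-aware parser rejects the second sample outright as an unbound prefix; parsing without namespace processing is what lets the check name the missing declarations.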