Error during SAML SP metadata import ('#default' is not a valid value for 'NMTOKEN')

  • 7023498
  • 06-Nov-2018
  • 06-Nov-2018

Environment


Access Manager 4.4
Access Manager 4.3

Situation

An Access Manager customer was trying to import Service Provider metadata. The metadata import failed with the error below:

The Admin Console catalina.out shows the following exception:
msingh12:~ # tailf /opt/novell/nam/adminconsole/logs/catalina.out
com.novell.nidp.NIDPException: cvc-datatype-valid.1.2.1: '#default' is not a valid value for 'NMTOKEN'.
        at com.novell.nidp.common.util.URLUtil.getDocumentFromInputStream(y:99)
        at com.novell.nidp.admin.model.NidsSaml2TrustedProvider.createDescriptor(NidsSaml2TrustedProvider.java:711)
        at com.novell.nidp.admin.model.NidsSaml2TrustedProvider.importMetadata(NidsSaml2TrustedProvider.java:289)
        at com.novell.nidp.admin.model.NidsSaml2TrustedProvider.create(NidsSaml2TrustedProvider.java:168)
        at com.novell.nidp.admin.model.NidsSaml2TrustedSP.create(NidsSaml2TrustedSP.java:75)
        at com.novell.admin.nids.saml2.Saml2_Wizard_TrustedProvider.createProviderObjects(Unknown Source)

Resolution

The <Signature> </Signature> part of the metadata contained the element <InclusiveNamespaces PrefixList="#default md saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />.
Changing the element to <InclusiveNamespaces PrefixList="md saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /> (removing the #default token) fixes the issue.
The SP metadata uploads successfully once this workaround is applied.

A bug has been raised for this issue.
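
A pre-import check for the condition described in the Resolution, as an added example (not part of the original article and not Access Manager code): it reports PrefixList tokens that are not valid NMTOKENs and produces a copy of the metadata with only the #default token removed. The function names, the constructed sample metadata and the NMTOKEN regular expression (an approximation of the XML production) are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

EXC_C14N_NS = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Approximation of the XML NMTOKEN production (NameChar+); '#' is not a NameChar.
NMTOKEN = re.compile(r"[\w.\-:]+\Z")
# PrefixList attribute of an InclusiveNamespaces start tag, with or without a prefix.
PREFIXLIST_ATTR = re.compile(
    r"(<(?:[\w.\-]+:)?InclusiveNamespaces\b[^>]*?\bPrefixList\s*=\s*)([\"'])(.*?)\2",
    re.DOTALL,
)

# Constructed sample: minimal SP metadata carrying the element quoted in the article.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/metadata">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:Reference URI=""><ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <InclusiveNamespaces PrefixList="#default md saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transform>
    </ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</md:EntityDescriptor>"""


def invalid_prefix_tokens(metadata_xml):
    """Return [(PrefixList value, [tokens that are not NMTOKENs])] for the metadata."""
    root = ET.fromstring(metadata_xml)
    findings = []
    for el in root.iter("{%s}InclusiveNamespaces" % EXC_C14N_NS):
        value = el.get("PrefixList", "")
        bad = [t for t in value.split() if not NMTOKEN.match(t)]
        if bad:
            findings.append((value, bad))
    return findings


def strip_default_token(metadata_xml):
    """Drop only the '#default' token; the rest of the document text is left as-is."""
    def fix(m):
        kept = [t for t in m.group(3).split() if t != "#default"]
        return m.group(1) + m.group(2) + " ".join(kept) + m.group(2)
    # Text-level edit, so namespace prefixes and layout are not re-serialized.
    return PREFIXLIST_ATTR.sub(fix, metadata_xml)
```

In XML Signature this element normally sits inside SignedInfo, so the edited copy no longer matches the original signature value. Obtain the SP metadata over a trusted channel before editing and importing it.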