Buongiorno,
stavo cercando di firmare un file metadati (per shibboleth sp) formato secondo l’avviso 29
ma in fase di firma mi da un errore.
Se nel file metadata non metto la parte relativa all’extension relativa all’avviso 29
md:Extensions
spid:IPACodePA:IT-unive</spid:IPACode>
spid:FiscalCode80007720271</spid:FiscalCode>
spid:Public/
</md:Extensions>
riesco a firmare il metadata e a validarlo (nella versione deprecata)
Se lascio questo pezzo di definizione e provo a firmare il file mi da il seguente errore
samlsign -s -k miocert.key -c miocert.pem -f -f updated-metadata.xml -alg http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 -dig http://www.w3.org/2001/04/xmlenc#sha256 > sp-signed-metadata.xml
1619086309 ERROR XMLTooling.ParserPool : fatal error on line 68, column 27, message: prefix ‘spid’ can not be resolved to namespace URI
Anche se provo a firmarlo con https://github.com/italia/spid-metadata-signer
ottengo sempre un errore:
INFO XMLSecTool - Reading XML document from file ‘metadata/metadata-in/updated-metadata.xml’
[Fatal Error] :68:27: The prefix “spid” for element “spid:IPACode” is not bound.
Dove sto sbagliando?
Riporto per completezza il file updated-metadata.xml che cerco di firmare
<md:EntityDescriptor xmlns:md=“urn:oasis:names:tc:SAML:2.0:metadata” xmlns:ds=“http://www.w3.org/2000/09/xmldsig#” entityID=“https://idp2.unive.it/sp” ID="_5-38a1-ba72-ccac3b16375fa">
<md:SPSSODescriptor protocolSupportEnumeration=“urn:oasis:names:tc:SAML:2.0:protocol”
AuthnRequestsSigned=“true”
WantAssertionsSigned=“true”>
<md:KeyDescriptor use=“signing”>
ds:KeyInfo
ds:X509Data
ds:X509Certificate
… omissis
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“https://idp2.unive.it/Shibboleth.sso/SLO/POST”/>
md:NameIDFormaturn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“https://idp2.unive.it/Shibboleth.sso/SAML2/POST” index=“0” isDefault=“true”/>
<md:AttributeConsumingService index=“0”>
<md:ServiceName xml:lang=“it”>Servizio di registrazione</md:ServiceName>
<md:RequestedAttribute Name=“spidCode” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“fiscalNumber” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“familyName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“name” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“gender” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“dateOfBirth” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“email” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
<md:RequestedAttribute Name=“mobilePhone” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
md:Organization
<md:OrganizationName xml:lang=“en”>Ca’ Foscari University of Venice</md:OrganizationName>
<md:OrganizationName xml:lang=“it”>Università Ca’ Foscari Venezia</md:OrganizationName>
<md:OrganizationDisplayName xml:lang=“en”>Ca’ Foscari University of Venice </md:OrganizationDisplayName>
<md:OrganizationDisplayName xml:lang=“it”>Università Ca’ Foscari Venezia </md:OrganizationDisplayName>
<md:OrganizationURL xml:lang=“en”>http://www.unive.it</md:OrganizationURL>
<md:OrganizationURL xml:lang=“it”>http://www.unive.it</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType=“other”>
md:Extensions
spid:IPACodePA:IT-unive</spid:IPACode>
spid:FiscalCode80007720271</spid:FiscalCode>
spid:Public/
</md:Extensions>
md:EmailAddresssysadmin@unive.it</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
