Salve,
sto cercando di validare il seguente metadata utilizzando il servizio SPID Validator, tuttavia, quando vado a visualizzare gli errori di validazione sembrerebbe non vengano riconosciuti i tag md:Extensions. Dove sto sbagliando?
Metadata
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:spid="https://spid.gov.it/saml-extensions" xmlns:fpa="https://spid.gov.it/invoicing-extensions" validUntil="2030-06-01T14:25:08Z" cacheDuration="PT604800S" entityID="https://example.com" ID="pfxd5267c18-49aa-c7fb-b52c-c174d065a2b9">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#pfxd5267c18-49aa-c7fb-b52c-c174d065a2b9">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>
dGsahtIqm5JMTsfyQJBgDw3ElD4psu2C0zDDKc+Jqx8=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
g7lCNSN4KzNPqYYoYLC0VMtsPm99c2x4MMFltcnJr8+JnEizZoBowummZZgQDZ/p8PxHO+nEsbALBdcBA2ouVRV5dCWqS6gwzNDtLLIVcHXPxkh21WKQaUGdC3tvIAGt/MW4xD94YacxIfY44DfL6CA1KdVJ05vwacDqLTT6rIcC2Q0INX//wwO5V+JjKKnGJL5V7BwWDrWVZkspGlYFuFHPetnZ1LgoLUG9T7EsfHOgIvP3d9hGWkwuv+r1qYfiT2YZPhd+KurgZvRfBIONdupBO+eKoawm3tzVadi4/wyrnVEUt/wzaZJ/xRtX25hEG79HuetyM+4RkLkHUwbTHlaIreXEEJU0MqoaB9FfeGcM++AMwoUYhguUwB90iJm7BJ3djiSws0+AoRGgLNY5x7bjxTbUaZjfWKw5KgLOG+TH1HY1gNgFh7cuvQHeDdfczNguaCAe0yowg0KonnZGah/dTjhRUEqvwj+dgPAXEZKmuWRK8qOOWD1p66JpUv6BbsunDIA9Kc3y7Cu39Tu/h4xpOCi4R1ccmPcWcx96giQMm7CW98keTYw5bd8Cu5YNho9ch9lxbNTxhtpivgvO4tyuvJi7apGOqRzM7iPZbirdf9fH93tCPkcxVWB5u8NgblxSMBb2cLNAYKeFpU4meAQW8Jr92W0XWrIYSzYT8Vc=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGKDCCBBCgAwIBAgIICVyeg1qDLFQwDQYJKoZIhvcNAQELBQAwgZgxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCb2xvZ25hMRAwDgYDVQQHDAdCb2xvZ25hMQ0wCwYDVQQKDARBY21lMQ0wCwYDVQQLDARBY21lMRowGAYDVQRhDBFWQVRJVC0wMTIzNDU2Nzg5MDENMAsGA1UEAwwEQWNtZTEcMBoGA1UEUwwTaHR0cHM6Ly9leGFtcGxlLmNvbTAgFw0yMjA1MjMyMjA0NTJaGA8yMDU0MDUxNTIyMDQ1MlowgZgxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCb2xvZ25hMRAwDgYDVQQHDAdCb2xvZ25hMQ0wCwYDVQQKDARBY21lMQ0wCwYDVQQLDARBY21lMRowGAYDVQRhDBFWQVRJVC0wMTIzNDU2Nzg5MDENMAsGA1UEAwwEQWNtZTEcMBoGA1UEUwwTaHR0cHM6Ly9leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOV29UCEwR42YZD2WwOLYRSEJSEwmbNFI/RQBViDP6EtpwGWJcL9J+vPuqeOEE1PRTd7K9wQA1QckXHjqtL8dZrUqkanRj6758PXFYYvwqNAP1VwR4iXs6BKdJsb3C93UTGtzyVvBode4WOrUeKOxwLWgH6yGQCdbDwgft3zOkbQhW+XgggDf3cYDADjQ3wPaO8+yEga7G8vaCGMm9rZMmprXY+meY/DU00m0R1eSWUp3UzeV7M2ueW7ZSHQ74kT4DgAEqORrnrjQYnaPuqTRsBNkKcPi6qNQM1nfH3mjPARwZ2pcd2rQpv5Q0fZNydOewT9DTVSZzaF9axWcjYOF9SnNGW3ADVRm9wG9fvwmibWC2x3sbldIf48n54g/WKot0SfCTIb2cZnze5GJVkIQkF2EK3k5tfXfl8S8cqADa55pEtNmmxqY297I5D/vukIyqGpQ3r4XPf+UEcdZHAgIaBNxGnaE50mY1HumGCkx1SBprQ34RLpvF4jSkxmq6eTyrwhqtmXr6pFC+DKANJWuusXhFCmtfElxegVjX770WLT/12iYvGTaxr0Sy3Ud+1f++2cMVYpHaMAoj2AWY79RNSH++/rXHETNL3RegSwkdcACpdCR42XQuVdC7xwSxP1MpDapjfFmD4nDHey82NJakn1Ap/KdcdRWN8QMP1QDLnDAgMBAAGjcjBwMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgbAMFMGA1UdIARMMEowIAYEK0wQBjAYMBYGCCsGAQUFBwICMAoaCGFnSURjZXJ0MCYGBitMEAQDATAcMBoGCCsGAQUFBwICMA4aDGNlcnRfU1BfUHJpdjANBgkqhkiG9w0BAQsFAAOCAgEAsQEotkvci/M9FLrjoCZaBShEQb9miH+7XSOyTzEA6DrtlHz3I4r//qQCJbo4gMlsK6MueoAlBDveBerI5FEuwA0E30ice/LZaiB3zJbKZmPGEnQubaxdWEZEan2azMG40LpOi8Zf6XGPOoD8oSJCRr1hyf5m7QBAfWuOyWj81mvLiRRnz2vwnEwRzmUAgl8I7aQoUliMzPtvrzg1OrbdXg8rSvjof2SDA5UaY5YPK5eXzOikpSJZaWjj+FbYWRVrdsqcGR5CSQc4a9gksPbMZapZYvDSc4yCsW9pS++wv3nHab/uw3amCrXy12xSV395dw8Eh7MbaxJS9rDVDMcm06S+idwHbNBZa3ev6SeBp4J496d6CTYyTO8oToHx8Rk7TLw9giN7NH+2QwdNjidDvTgWrCyRyEqUpAYvBWqreoNKsjSSM35JQu31vYcuJU00I4hQHVdo68lKNngraiuxLHrF0Q01oMGiHICzysWt/ZD/UTaF15LJXH1pCzuyFWIuk5ejXH2Sm5lO6QdwQkt3DIJG/vgddhL6twehXkgH3uRkFB5TCD5AlyhbtgF3PPnPG81xpSOfxhoFMDrMRW5PodXddlG9gc3NbOcb18wtA/jsh84UpYIvXqLFVSFv8M59O3DFebOaG2Bgeox0k3sD7kDDWDLjZxZESFoC6EfbkP8=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIGKDCCBBCgAwIBAgIICVyeg1qDLFQwDQYJKoZIhvcNAQELBQAwgZgxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCb2xvZ25hMRAwDgYDVQQHDAdCb2xvZ25hMQ0wCwYDVQQKDARBY21lMQ0wCwYDVQQLDARBY21lMRowGAYDVQRhDBFWQVRJVC0wMTIzNDU2Nzg5MDENMAsGA1UEAwwEQWNtZTEcMBoGA1UEUwwTaHR0cHM6Ly9leGFtcGxlLmNvbTAgFw0yMjA1MjMyMjA0NTJaGA8yMDU0MDUxNTIyMDQ1MlowgZgxCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCb2xvZ25hMRAwDgYDVQQHDAdCb2xvZ25hMQ0wCwYDVQQKDARBY21lMQ0wCwYDVQQLDARBY21lMRowGAYDVQRhDBFWQVRJVC0wMTIzNDU2Nzg5MDENMAsGA1UEAwwEQWNtZTEcMBoGA1UEUwwTaHR0cHM6Ly9leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOV29UCEwR42YZD2WwOLYRSEJSEwmbNFI/RQBViDP6EtpwGWJcL9J+vPuqeOEE1PRTd7K9wQA1QckXHjqtL8dZrUqkanRj6758PXFYYvwqNAP1VwR4iXs6BKdJsb3C93UTGtzyVvBode4WOrUeKOxwLWgH6yGQCdbDwgft3zOkbQhW+XgggDf3cYDADjQ3wPaO8+yEga7G8vaCGMm9rZMmprXY+meY/DU00m0R1eSWUp3UzeV7M2ueW7ZSHQ74kT4DgAEqORrnrjQYnaPuqTRsBNkKcPi6qNQM1nfH3mjPARwZ2pcd2rQpv5Q0fZNydOewT9DTVSZzaF9axWcjYOF9SnNGW3ADVRm9wG9fvwmibWC2x3sbldIf48n54g/WKot0SfCTIb2cZnze5GJVkIQkF2EK3k5tfXfl8S8cqADa55pEtNmmxqY297I5D/vukIyqGpQ3r4XPf+UEcdZHAgIaBNxGnaE50mY1HumGCkx1SBprQ34RLpvF4jSkxmq6eTyrwhqtmXr6pFC+DKANJWuusXhFCmtfElxegVjX770WLT/12iYvGTaxr0Sy3Ud+1f++2cMVYpHaMAoj2AWY79RNSH++/rXHETNL3RegSwkdcACpdCR42XQuVdC7xwSxP1MpDapjfFmD4nDHey82NJakn1Ap/KdcdRWN8QMP1QDLnDAgMBAAGjcjBwMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgbAMFMGA1UdIARMMEowIAYEK0wQBjAYMBYGCCsGAQUFBwICMAoaCGFnSURjZXJ0MCYGBitMEAQDATAcMBoGCCsGAQUFBwICMA4aDGNlcnRfU1BfUHJpdjANBgkqhkiG9w0BAQsFAAOCAgEAsQEotkvci/M9FLrjoCZaBShEQb9miH+7XSOyTzEA6DrtlHz3I4r//qQCJbo4gMlsK6MueoAlBDveBerI5FEuwA0E30ice/LZaiB3zJbKZmPGEnQubaxdWEZEan2azMG40LpOi8Zf6XGPOoD8oSJCRr1hyf5m7QBAfWuOyWj81mvLiRRnz2vwnEwRzmUAgl8I7aQoUliMzPtvrzg1OrbdXg8rSvjof2SDA5UaY5YPK5eXzOikpSJZaWjj+FbYWRVrdsqcGR5CSQc4a9gksPbMZapZYvDSc4yCsW9pS++wv3nHab/uw3amCrXy12xSV395dw8Eh7MbaxJS9rDVDMcm06S+idwHbNBZa3ev6SeBp4J496d6CTYyTO8oToHx8Rk7TLw9giN7NH+2QwdNjidDvTgWrCyRyEqUpAYvBWqreoNKsjSSM35JQu31vYcuJU00I4hQHVdo68lKNngraiuxLHrF0Q01oMGiHICzysWt/ZD/UTaF15LJXH1pCzuyFWIuk5ejXH2Sm5lO6QdwQkt3DIJG/vgddhL6twehXkgH3uRkFB5TCD5AlyhbtgF3PPnPG81xpSOfxhoFMDrMRW5PodXddlG9gc3NbOcb18wtA/jsh84UpYIvXqLFVSFv8M59O3DFebOaG2Bgeox0k3sD7kDDWDLjZxZESFoC6EfbkP8=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/logout"/>
<md:NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/login" index="0" isDefault="true"/>
<md:AttributeConsumingService index="0">
<md:ServiceName xml:lang="en">
Signup and Login
</md:ServiceName>
<md:RequestedAttribute Name="spidCode"/>
<md:RequestedAttribute Name="name"/>
<md:RequestedAttribute Name="familyName"/>
<md:RequestedAttribute Name="fiscalNumber"/>
<md:RequestedAttribute Name="mobilePhone"/>
<md:RequestedAttribute Name="email"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="it">
Acme
</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="it">
Acme
</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="it">
https://example.com
</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="other">
<md:GivenName>
Other Name
</md:GivenName>
<md:EmailAddress>
other@example.com
</md:EmailAddress>
<md:Extensions xmlns:spid="https://spid.gov.it/saml-extensions">
<spid:VATNumber xmlns:spid="https://spid.gov.it/saml-extensions">
IT01234567890
</spid:VATNumber>
<spid:Private xmlns:spid="https://spid.gov.it/saml-extensions"/>
</md:Extensions>
</md:ContactPerson>
<md:ContactPerson contactType="billing">
<md:GivenName>
Billing Name
</md:GivenName>
<md:EmailAddress>
billing@example.com
</md:EmailAddress>
<md:Extensions xmlns:fpa="https://spid.gov.it/invoicing-extensions">
<fpa:CessionarioCommittente xmlns:fpa="https://spid.gov.it/invoicing-extensions">
<fpa:DatiAnagrafici>
<fpa:IdFiscaleIVA>
<fpa:IdPaese>
IT
</fpa:IdPaese>
<fpa:IdCodice>
01234567890
</fpa:IdCodice>
</fpa:IdFiscaleIVA>
<fpa:Anagrafica>
<fpa:Denominazione>
Acme Institute
</fpa:Denominazione>
</fpa:Anagrafica>
</fpa:DatiAnagrafici>
<fpa:Sede>
<fpa:Indirizzo>
Street Number
</fpa:Indirizzo>
<fpa:CAP>
40121
</fpa:CAP>
<fpa:Comune>
Bologna
</fpa:Comune>
<fpa:Nazione>
IT
</fpa:Nazione>
</fpa:Sede>
</fpa:CessionarioCommittente>
</md:Extensions>
</md:ContactPerson>
</md:EntityDescriptor>
Errori del validatore (un esempio)
failure - value: failed validating <Element '{urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson' at 0x7f8cd4d82590> with XsdGroup(model='sequence', occurs=[1, 1]): Reason: Unexpected child with tag 'md:Extensions' at position 3. Schema: <complexType xmlns="http://www.w3.org/2001/XMLSchema" name="ContactType"> <sequence> <element ref="md:Extensions" minOccurs="0" /> <element ref="md:Company" minOccurs="0" /> <element ref="md:GivenName" minOccurs="0" /> <element ref="md:SurName" minOccurs="0" /> <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded" /> <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded" /> </sequence> <attribute name="contactType" type="md:ContactTypeType" use="required" /> <anyAttribute namespace="##other" processContents="lax" /> </complexType> Instance: <md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:spid="https://spid.gov.it/saml-extensions" contactType="other"> <md:GivenName>Other Name</md:GivenName> <md:EmailAddress>other@example.com</md:EmailAddress> <md:Extensions> <spid:VATNumber>IT01234567890</spid:VATNumber> <spid:Private /> </md:Extensions> </md:ContactPerson> Path: /md:EntityDescriptor/md:ContactPerson[1] : failed validating <Element '{urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson' at 0x7f8cd4d82590> with XsdGroup(model='sequence', occurs=[1, 1]): Reason: Unexpected child with tag 'md:Extensions' at position 3. Schema: <complexType xmlns="http://www.w3.org/2001/XMLSchema" name="ContactType"> <sequence> <element ref="md:Extensions" minOccurs="0" /> <element ref="md:Company" minOccurs="0" /> <element ref="md:GivenName" minOccurs="0" /> <element ref="md:SurName" minOccurs="0" /> <element ref="md:EmailAddress" minOccurs="0" maxOccurs="unbounded" /> <element ref="md:TelephoneNumber" minOccurs="0" maxOccurs="unbounded" /> </sequence> <attribute name="contactType" type="md:ContactTypeType" use="required" /> <anyAttribute namespace="##other" processContents="lax" /> </complexType> Instance: <md:ContactPerson xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:spid="https://spid.gov.it/saml-extensions" contactType="other"> <md:GivenName>Other Name</md:GivenName> <md:EmailAddress>other@example.com</md:EmailAddress> <md:Extensions> <spid:VATNumber>IT01234567890</spid:VATNumber> <spid:Private /> </md:Extensions> </md:ContactPerson> Path: /md:EntityDescriptor/md:ContactPerson[1]