Identity Providers based on ADFS can contain extensions in their metadata that by default are not validated by the Shibboleth Service Provider. This means that SWAMID metadata will not automatically be validated by Shibboleth SP unless you add support for some schemas used by Microsoft.

...

  1. Download all schema files starting with "ws-" from https://git.swamid.se/?p=swamid-metadata.git;a=tree;f=schema;hb=HEAD and put them in the folder ${install_prefix}/share/xml/shibboleth/. The ws-* files are 2017-09-18
    • ws-addr.xsd
    • ws-authorization.xsd
    • ws-federation.xsd
    • ws-securitypolicy-1.2.xsd
  2. Add configuration in ${install_prefix}/share/xml/shibboleth/catalog.xml for downloaded schemas.

    ws-* schemas in catalog.xml:

        <system systemId="http://www.w3.org/2005/08/addressing" uri="@-PKGXMLDIR-@/ws-addr.xsd"/>
        <system systemId="http://docs.oasis-open.org/wsfed/authorization/200706" uri="@-PKGXMLDIR-@/ws-authorization.xsd"/>
        <system systemId="http://docs.oasis-open.org/wsfed/federation/200706" uri="@-PKGXMLDIR-@/ws-federation.xsd"/>
        <system systemId="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" uri="@-PKGXMLDIR-@/ws-securitypolicy-1.2.xsd"/>

    Note: ws-addr.xsd and ws-securitypolicy-1.2.xsd are loaded automatically because they are referenced in ws-authorization.xsd or ws-federation.xsd.

  3. Restart Shibboleth SP to activate the new schemas.
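
A check to run between steps 2 and 3, as an added example that is not part of the SWAMID page or of Shibboleth: it confirms that catalog.xml maps each of the four namespaces to a file that exists, parses as XML, and declares that namespace as its targetNamespace. It assumes each systemId is the schema's namespace and that @-PKGXMLDIR-@ stands for the schema directory; the files written by demo() are constructed stubs, not the real schemas.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# systemId (schema namespace) -> file name, as listed in steps 1 and 2 above
EXPECTED = {
    "http://www.w3.org/2005/08/addressing": "ws-addr.xsd",
    "http://docs.oasis-open.org/wsfed/authorization/200706": "ws-authorization.xsd",
    "http://docs.oasis-open.org/wsfed/federation/200706": "ws-federation.xsd",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702": "ws-securitypolicy-1.2.xsd",
}

def check_catalog(schema_dir):
    """Return a list of problems; an empty list means all four schemas resolve."""
    problems = []
    root = ET.parse(os.path.join(schema_dir, "catalog.xml")).getroot()
    entries = {e.get("systemId"): e.get("uri")
               for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "system"}
    for ns, name in EXPECTED.items():
        if ns not in entries:
            problems.append(f"catalog.xml has no <system> entry for {ns}")
            continue
        # Assumption: the @-PKGXMLDIR-@ placeholder stands for the schema directory.
        path = entries[ns].replace("@-PKGXMLDIR-@", schema_dir)
        if not os.path.isfile(path):
            problems.append(f"{path} does not exist")
            continue
        try:
            target = ET.parse(path).getroot().get("targetNamespace")
        except ET.ParseError:
            problems.append(f"{path} is not well-formed XML")
            continue
        if target != ns:
            problems.append(f"{path} has targetNamespace {target!r}, expected {ns}")
    return problems

def demo():
    """Constructed sample: stub XSDs and a catalog that lacks the ws-federation entry."""
    with tempfile.TemporaryDirectory() as d:
        rows = ""
        for ns, name in EXPECTED.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(f'<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="{ns}"/>')
            if name != "ws-federation.xsd":
                rows += f'<system systemId="{ns}" uri="@-PKGXMLDIR-@/{name}"/>'
        with open(os.path.join(d, "catalog.xml"), "w") as f:
            f.write(f'<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">{rows}</catalog>')
        return check_catalog(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Against a real installation, call check_catalog() with the path that ${install_prefix}/share/xml/shibboleth/ expands to and restart only when it returns an empty list.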