Identity Providers based on ADFS can contain extensions in their metadata that by default are not validated by Shibboleth Service Provider. This means that SWAMID metadata will not automatically be validated by Shibboleth SP unless you add support for some schemas used by Microsoft.
Add configuration in ${install_prefix}/share/xml/shibboleth/catalog.xml for downloaded schemas.
<system systemId="http://docs.oasis-open.org/wsfed/authorization/200706" uri="@-PKGXMLDIR-@/ws-authorization.xsd"/> <system systemId="http://docs.oasis-open.org/wsfed/federation/200706" uri="@-PKGXMLDIR-@/ws-federation.xsd"/> |
Note: ws-addr.xsd and ws-securitypolicy-1.2.xsd are loaded automatically due to that ther are referenced in ws-authorization.xsd or ws-federation.xsd.