Identity Providers based on ADFS normally have extensions in their metadata that are not validated by the Shibboleth Service Provider by default. This means that SWAMID metadata will not automatically be validated by the Shibboleth SP unless you add support for some schemas used by Microsoft.
Add entries for the downloaded schemas to ${install_prefix}/share/xml/shibboleth/catalog.xml:
<system systemId="http://docs.oasis-open.org/wsfed/authorization/200706" uri="@-PKGXMLDIR-@/ws-authorization.xsd"/>
<system systemId="http://docs.oasis-open.org/wsfed/federation/200706" uri="@-PKGXMLDIR-@/ws-federation.xsd"/>
Note: ws-addr.xsd and ws-securitypolicy-1.2.xsd are loaded automatically because they are referenced in ws-authorization.xsd or ws-federation.xsd.
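
A quick check for the setup above, as an added example that is not part of the original page or of Shibboleth: it reads catalog.xml and reports missing entries or schema files. The function names are hypothetical, and it assumes all four .xsd files are stored in one directory.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# systemId -> schema file name, as in the two catalog entries on this page
REQUIRED = {
    "http://docs.oasis-open.org/wsfed/authorization/200706": "ws-authorization.xsd",
    "http://docs.oasis-open.org/wsfed/federation/200706": "ws-federation.xsd",
}
# Pulled in by the two schemas above; no catalog entry needed, but this check
# assumes they are stored in the same directory.
REFERENCED = ["ws-addr.xsd", "ws-securitypolicy-1.2.xsd"]


def check_catalog(catalog_path, xml_dir):
    """Return a list of problems; an empty list means nothing is missing."""
    problems = []
    entries = {}
    for el in ET.parse(catalog_path).getroot().iter():
        if el.tag.rsplit("}", 1)[-1] == "system":  # ignore the XML namespace
            entries[el.get("systemId")] = el.get("uri", "")
    for system_id, filename in REQUIRED.items():
        uri = entries.get(system_id)
        if uri is None:
            problems.append("no catalog entry for " + system_id)
        elif uri.rsplit("/", 1)[-1] != filename:
            problems.append("entry for %s points at %s" % (system_id, uri))
    for filename in list(REQUIRED.values()) + REFERENCED:
        if not os.path.isfile(os.path.join(xml_dir, filename)):
            problems.append("schema file missing: " + filename)
    return problems


def demo():
    """Constructed sample: a catalog with one entry and one schema file missing."""
    catalog = (
        '<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">'
        '<system systemId="http://docs.oasis-open.org/wsfed/authorization/200706"'
        ' uri="@-PKGXMLDIR-@/ws-authorization.xsd"/></catalog>'
    )
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "catalog.xml")
        with open(path, "w") as fh:
            fh.write(catalog)
        for name in ("ws-authorization.xsd", "ws-federation.xsd", "ws-addr.xsd"):
            open(os.path.join(d, name), "w").close()
        return check_catalog(path, d)


if __name__ == "__main__":
    print("\n".join(demo()) or "OK")
```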