Access Manager fails on importing Oracle Cloud SAML2 metadata

  • 7024634
  • 18-May-2020
  • 24-Jun-2020

Environment

  • Access Manager 4.4.4
  • Access Manager 4.5.0
  • Access Manager 4.5.1
  • Access Manager 4.5.2

Situation

Trying to import the Oracle Cloud SAML2 metadata returns:

Error:

The XML is malformed. cvc-elt.4.2: Cannot resolve 'query:AttributeQueryDescriptorType' to a type definition for element 'md:RoleDescriptor'.

Resolution

  • This issue has been reported to engineering, and a fix will ship with NAM 4.5.3.

  • As a workaround, testing indicates there seems to be no functional loss when the complete <md:RoleDescriptor> element is removed from the metadata document before importing it.
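
One way to script the workaround, as an added example that is not Micro Focus or Oracle code: it removes only the md:RoleDescriptor elements whose xsi:type is the AttributeQueryDescriptorType named in the error, and reports when an ancestor carries an enveloped ds:Signature that the edit invalidates. The function names, the sample document and its entityID are constructed for illustration.

```python
import sys
from xml.dom import minidom

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
UNSUPPORTED_TYPE = "AttributeQueryDescriptorType"  # type named in the import error

# Constructed sample metadata (not Oracle's real document).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://idp.example.invalid/metadata">
  <md:RoleDescriptor WantAssertionsSigned="true" xsi:type="query:AttributeQueryDescriptorType"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""


def _has_signature_child(element):
    return any(c.nodeType == c.ELEMENT_NODE and c.namespaceURI == DS_NS
               and c.localName == "Signature" for c in element.childNodes)


def strip_query_role_descriptors(metadata_xml):
    """Return (cleaned_xml, removed_count, signature_invalidated)."""
    doc = minidom.parseString(metadata_xml)
    removed, signature_invalidated = 0, False
    for node in list(doc.getElementsByTagNameNS(MD_NS, "RoleDescriptor")):
        # Match on the local part of the xsi:type QName, whatever prefix is used.
        if node.getAttributeNS(XSI_NS, "type").split(":")[-1] != UNSUPPORTED_TYPE:
            continue
        parent = node.parentNode
        while parent is not None and parent.nodeType == parent.ELEMENT_NODE:
            # An enveloped ds:Signature on any ancestor covers the removed element.
            signature_invalidated |= _has_signature_child(parent)
            parent = parent.parentNode
        node.parentNode.removeChild(node)
        removed += 1
    return doc.toxml(), removed, signature_invalidated


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    cleaned, removed, invalidated = strip_query_role_descriptors(data)
    print(cleaned)
    print(f"removed {removed} RoleDescriptor element(s)", file=sys.stderr)
    if invalidated:
        print("warning: document signature no longer verifies", file=sys.stderr)
```

Verify the signature on the original download before editing it, since the edited copy can no longer be checked against the publisher's signature.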

Cause

Access Manager has not been extended to handle the "<md:RoleDescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" xsi:type="query:AttributeQueryDescriptorType">" element. This element is part of the Metadata Extension for SAML V2.0 and V1.x Query Requesters specification, which has not been implemented by Access Manager.