verify SAML SP and IDP metadata
saml2-metadata-verifier
It parses the provided metadata XML file and validates it against the SAML 2.0 XSD files using xmllint. If the metadata file contains values or options that are invalid under the SAML 2.0 standard, it prints the validation errors.
You will need xmllint. You can install the dependency from source, or as an rpm or apt package:
From source:
curl -L ftp://xmlsoft.org/libxml2/LATEST_LIBXML2 -o ./LIBXML2_LATEST.tar.gz
tar -xf ./LIBXML2_LATEST.tar.gz
cd ./libxml2*
./configure --prefix=/usr --enable-static --with-threads --with-history
make
sudo make install
RPM-based distributions:
yum install libxml2-devel
Debian/Ubuntu:
apt-get install libxml2-utils
Build the verifier and show its usage:
git clone https://github.com/FalcoSuessgott/saml2-metadata-verifier.git
make
saml2-metadata-verifier -h
Usage: saml2-metadata-verifier [OPTIONS...]
OPTIONS:
-f, --file path to metadata file
-v, --verbose verbos
docker run --rm -v ${PWD}/metadata.xml:/saml/metadata.xml gottziehtalles/saml2-metadata-verifier metadata.xml
# change -v ${PWD}/metadata.xml to your metadata file
Example run against the repository's invalid test metadata:
./saml2-metadata-verifier.sh -f test/invalid_metadata.xml
-:77: element ContactPerson: Schemas validity error : Element '{urn:oasis:names:tc:SAML:2.0:metadata}ContactPerson', attribute 'contactType': [facet 'enumeration'] The value 'developer' is not an element of the set {'technical', 'support', 'administrative', 'billing', 'other'}.
- fails to validate
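The error above comes from the contactType enumeration in the SAML 2.0 metadata schema. As an added illustration (not code from saml2-metadata-verifier, which relies on xmllint and the full XSDs), the following stdlib-only Python snippet checks that single constraint directly, so you can see what the schema facet is enforcing. The sample metadata and its entityID are constructed for the example; for untrusted input in production, prefer a hardened XML parser over plain ElementTree.

```python
"""Added example, not part of saml2-metadata-verifier: check the md:ContactPerson
contactType enumeration that the xmllint/XSD run reports."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Allowed values of ContactTypeType in saml-schema-metadata-2.0.xsd
CONTACT_TYPES = {"technical", "support", "administrative", "billing", "other"}


def check_contact_types(xml_text: str) -> list:
    """Return one message per md:ContactPerson whose contactType is outside the enumeration."""
    root = ET.fromstring(xml_text)
    errors = []
    for person in root.iter(f"{{{MD_NS}}}ContactPerson"):
        value = person.get("contactType")
        if value not in CONTACT_TYPES:
            errors.append(
                f"ContactPerson: contactType '{value}' is not an element of the set "
                f"{sorted(CONTACT_TYPES)}"
            )
    return errors


# Constructed sample SP metadata: one valid contact and one with the invalid value 'developer'
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://sp.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:ops@example.test</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="developer">
    <md:EmailAddress>mailto:dev@example.test</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    for err in check_contact_types(SAMPLE_METADATA):
        print(err)
```

Running it reports only the second ContactPerson; changing that attribute to one of the five allowed values makes the check pass, which mirrors what the xmllint output above is telling you.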
Shoutouts to @joostd