I'm trying to do a spike of an API proxy that needs to validate a SAML token on inbound requests. I have a Validate SAML Assertion policy that looks like the following:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="MySamlValidation">
  <DisplayName>MySamlValidation</DisplayName>
  <Source name="request">
    <XPath>/Envelope/Header/Security/saml:Assertion</XPath>
  </Source>
  <Description/>
  <TrustStore>mytruststore</TrustStore>
  <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>
Whenever I try to deploy (and sometimes save) the configuration I get the aforementioned error ("Source not configured in { }."). The "Source" element is present with what seems to be a valid configuration according to the documentation. What am I missing?
Adding the Namespaces element fixed this issue for me. Now the policy looks like the following:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="Validate-SAML-Assertion-1">
  <Source name="request">
    <Namespaces>
      <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
      <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
    </Namespaces>
    <XPath>/samlp:Response/saml:Assertion</XPath>
  </Source>
  <TrustStore>mytrustore</TrustStore>
  <RemoveAssertion>false</RemoveAssertion>
  <DisplayName>ValidateSAMLAssertion</DisplayName>
</ValidateSAMLAssertion>
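Why a prefixed XPath needs the prefix-to-URI bindings that the Namespaces element supplies, as an added example that is not part of the original posts and not Apigee's own code: it resolves each XPath step the way XPath 1.0 name tests work, by namespace URI rather than by prefix text. The `select` helper and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Prefix bindings as declared in the policy's <Namespaces> element.
POLICY_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample. The document uses different prefixes (saml2p/saml2)
# than the policy; only the namespace URIs have to agree.
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion ID="_constructed-1"/>
</saml2p:Response>"""


def resolve_step(step, namespaces):
    """Turn 'prefix:local' into '{uri}local' using the supplied bindings."""
    prefix, sep, local = step.partition(":")
    if not sep:
        # An unprefixed name test matches only elements in no namespace.
        return step
    if prefix not in namespaces:
        raise ValueError("prefix %r is not bound to a namespace URI" % prefix)
    return "{%s}%s" % (namespaces[prefix], local)


def select(xml_text, xpath, namespaces):
    """Hypothetical helper: walk a simple absolute child-axis path.

    Returns the matching element, or None when a step does not match.
    """
    steps = [resolve_step(s, namespaces) for s in xpath.strip("/").split("/")]
    node = ET.fromstring(xml_text)
    if node.tag != steps[0]:
        return None
    for tag in steps[1:]:
        node = next((child for child in node if child.tag == tag), None)
        if node is None:
            return None
    return node


if __name__ == "__main__":
    found = select(SAMPLE, "/samlp:Response/saml:Assertion", POLICY_NS)
    print("with bindings:", found.get("ID"))
    print("unprefixed path:", select(SAMPLE, "/Response/Assertion", POLICY_NS))
    try:
        select(SAMPLE, "/samlp:Response/saml:Assertion", {})
    except ValueError as exc:
        print("without bindings:", exc)
```

The unprefixed case is worth noting for the original policy: steps such as `/Envelope/Header/Security` would not match a namespaced SOAP envelope under these rules, so each of those steps needs a bound prefix as well.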