SPMetaData and Migration to OIOSAML 3

Zoran Avtarovski

Hi Guys,

We have started the process of migrating to OIOSAML3 and as part of that we need to upload our SPMetaData file to the administrator portal. I remember with OIOSAML 2 the webapp included a generator which generated the metadata file, but I couldn't see that in the new sample app. 

I tried generating the file manually uising the samples as a guide but it failed validation on the administrator portal with the errors below, which seemed strange as the file was similar to the samples. 

As always any assistance would be appreciated.







Error: The assertion consumer service binding is not found. The only allowed binding is: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")


Error: The attribute name format is missing. The only allowed value is NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


Error: The following mandatory attribute is missing: https://data.gov.dk/model/core/specVersion (SpecVer)


Error: The following mandatory attribute is missing: https://data.gov.dk/concept/core/nsis/loa (Level Of Assurance)


Error: The following mandatory attribute is missing: https://data.gov.dk/model/core/eid/professional/cvr (CVRnumberIdentifier)


Error: The following mandatory attribute is missing: https://data.gov.dk/model/core/eid/professional/orgName (organizationName)


Error(Line 76): It is not allowed to specify more than one NameIdFormat.


Error (line: 77):The element IDPSSODescriptor in namespace urn:oasis:names:tc:SAML:2.0:metadata has invalid child element NameIDFormat in namespace urn:oasis:names:tc:SAML:2.0:metadata. List of possible elements expected: SingleSignOnService, NameIDMappingService, AssertionIDRequestService, AttributeProfile in namespace urn:oasis:names:tc:SAML:2.0:metadata as well as Attribute in namespace urn:oasis:names:tc:SAML:2.0:assertion.

Hi Zoran,

Please remember that you need to use OIO SAML 3 reference implementation package in either dotNET or Java. Both of these have implemented endpoints for generating metadata files which can be uploaded to the Administration of NemLog-in. Please refer to the documentation of the respective implementations:

You can read the latest version (as of writing this) of the OIO SAML 3 profile at https://www.digitaliser.dk/resource/6508977 which states the requirements for the metadata, which all of the above errors originate from.

Morten D. Bech

Thanks Morten,

I can't believe I missed the top link. II was able to successfully generate the file.