When you try to update SAML metadata that includes multiple entities, described in metadata.xml as <EntitiesDescriptor>, you might see the following error in the SSO Management UI:

Invalid root element name

The reason is that Ubisecure SSO cannot read metadata that contains multiple entities, so metadata.xml must be modified before it can be updated in the SSO Management UI. The lines that need to be altered to produce valid metadata that Ubisecure SSO can read are described below.

In this example we use the updated Suomi.fi SAML metadata to take the uusi.tunnistus.fi/idp1 entityID into use. After these modifications you should be able to update the modified metadata.xml in the SSO Management UI and start using the new keys and endpoints published by Suomi.fi.

Example of the updated SAML idp-metadata.xml; the parts that have been changed are explained in more detail below:

Updated idp-metadata.xml (should only be used as reference)
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://uusi.tunnistus.fi/idp1">
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>HMby+xyC7RC5lvg3sz7gwTmnB2eqsxU5TH6xkRE6Ik8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> VDqebgmS8daJ0bvtN4d0mI6wUOfVRNu/jxshhMbkhcIN+696He6KRkOTmL7pORGZJ8xxUMLuUcWF kMTgAnvdLPv/szXXp6KHV9+aVgzaO8+2lMQNfEHynSqdXNcBj49VxPrA83F0ObEyaw/d4hlYJY1y AcuvOweA00dLPpwIUrGcAWcx6pL+GD/vTEFD9QbcYd8JXX0IGBIkaY3IUUoZRiJapF48HjIs92FW xw1+do55aDqZBYtljbHFCZxAqT+tm4I3Ql20iLafXttJ3CWFLWhRXHVQI2z+MTV3DP/SvgZKpU8I cLVWOeTL2KWqU6sdrOCtPgHjMvfrhQ8tkI0PJg== </ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus> 1gbNsNL6gUqTFPPaoOvGLNq5UlbpbPHYFtPN0rAyfJgZ7vNpmAnd6f0f6DqwaDUra4saGyww4ZuS AjxWZcrRHEvDwNDsavquUbfwE2DufwKC+iCh5vJX95ooNylA6J9Jt0DePzpdxStecRpuN+Yscr1T 6U7jfsCRCgJLoFGZh98lXa6AuwxPRmcREJBmfAc8MemFe1whI+T/5Al1++9XtMcT09YBzJi9lPcE tpCiv5cCMimUHHZ5vOLEtaBR2FA5bqT2Oxwr0ugktt0VUn+yCulfhTUFf6SORRupQxRyDZOV2OeP JQJxKi/th20rJLJXhcWzauyirf1T5J4AscLGXQ== </ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
<ds:X509Data>
<ds:X509Certificate> MIIGhTCCBG2gAwIBAgISBwAAAXb64N5W6JBNCmQhtbOYMA0GCSqGSIb3DQEBCwUA MHgxCzAJBgNVBAYTAkZJMSEwHwYDVQQKExhWYWVzdG9yZWtpc3RlcmlrZXNrdXMg Q0ExGjAYBgNVBAsTEVBhbHZlbHV2YXJtZW50ZWV0MSowKAYDVQQDEyFWUksgQ0Eg Zm9yIFNlcnZpY2UgUHJvdmlkZXJzIC0gRzMwHhcNMjEwMTEzMDkwMDAwWhcNMjMw MTEzMjE1OTU5WjCBmjELMAkGA1UEBhMCRkkxEDAOBgNVBAgMB0ZJTkxBTkQxETAP BgNVBAcMCEhlbHNpbmtpMSQwIgYDVQQKDBtEaWdpLSBqYSB2YWVzdG90aWV0b3Zp cmFzdG8xEjAQBgNVBAUTCTAyNDU0MzctMjEsMCoGA1UEAwwjbWV0YWRhdGEtc2ln bmluZy50dW5uaXN0dXMuc3VvbWkuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDWBs2w0vqBSpMU89qg68Ys2rlSVuls8dgW083SsDJ8mBnu82mYCd3p /R/oOrBoNStrixobLDDhm5ICPFZlytEcS8PA0Oxq+q5Rt/ATYO5/AoL6IKHm8lf3 mig3KUDon0m3QN4/Ol3FK15xGm435ixyvVPpTuN+wJEKAkugUZmH3yVdroC7DE9G ZxEQkGZ8Bzwx6YV7XCEj5P/kCXX771e0xxPT1gHMmL2U9wS2kKK/lwIyKZQcdnm8 4sS1oFHYUDlupPY7HCvS6CS23RVSf7IK6V+FNQV/pI5FG6lDFHINk5XY548lAnEq L+2HbSsksleFxbNq7KKt/VPkngCxwsZdAgMBAAGjggHkMIIB4DAfBgNVHSMEGDAW gBRlBOgtkufLKqtXFahlKqr6txZ09jAdBgNVHQ4EFgQUzLJUEN5aPKLbWZVj8pvH 7GmMw4AwDgYDVR0PAQH/BAQDAgbAMIHXBgNVHSAEgc8wgcwwCAYGBACPegEHMIG/ BgkqgXaEBQEKIgEwgbEwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZmluZWlkLmZp L2NwczMzLzCBhQYIKwYBBQUHAgIweRp3VmFybWVubmVwb2xpdGlpa2thIG9uIHNh YXRhdmlsbGEgLSBDZXJ0aWZpa2F0IHBvbGljeSBmaW5ucyAtIENlcnRpZmljYXRl IHBvbGljeSBpcyBhdmFpbGFibGUgaHR0cDovL3d3dy5maW5laWQuZmkvY3BzMzMw DwYDVR0TAQH/BAUwAwEBADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcHJveHku ZmluZWlkLmZpL2NybC92cmtzcDNjLmNybDBqBggrBgEFBQcBAQReMFwwMAYIKwYB BQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkvY2EvdnJrc3AzLmNydDAoBggr BgEFBQcwAYYcaHR0cDovL29jc3AuZmluZWlkLmZpL3Zya3NwMzANBgkqhkiG9w0B AQsFAAOCAgEAS8FOx5HnWpxusEsXBs2CphhDVurzjKlk+kEOtnL9T3EQt7h9B98Z Q2SWl6q3G/2i2gZmbglzQW8ASMqrgybIU8zrDBrlWPoWrc+9AapW6EoyuRsyH2Ib 3urP9kQfqL/h2/F09RPEqh3//TSvNYIy1es7KrHHIxvZm5X1Kl+2ubHyeAxdZcWO ktM7piGoucQwP0KdCybQ+3sGIW4m4FYELdE+Hu5fHuhf7FQBh1eMFhiGT2J61W4t 5DnrMg0m8G+7K9zEbq67OgeaQkP9KUrylWWkFfWFoAID6vDfp8M4Z9SWGwFkyF0t SLCluQRGTHE7IyrJbhVwacikiCaLpzTo7ESl8mvJ6rCUTShwoJHP5gkpznZLXybT 
Ny7fnLWNlNvsPYQrubMSY5KOvkaNLid/Mo/EZfju1akzO9AvAwPbIXNR0gzSZeLX mlPk6e0s/o1XpN4sIWO+0gbVrM4xmy+IeBxqi+I/h7evdHwa3rqWez1gs+CoYqMn 8Rqn7Q/Iz+psIICgSB/rwKVcmmcldzpzh6/H8gKWE0902uw0Ju3UrR3O54Cxfzlp SBCkCBtNpsgBzEsY5tFUehWv0Lb/IDo0jpiVi0NEIr7RUaED1eoAfKosP9Gx08l7 hu0wEmoannsf9kZ3CZd8c6XHWsrvKGsNY9lG9SPH+FcHLcRHx4vSbnk= </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="fi">Suomi.fi-tunnistus</mdui:DisplayName>
<mdui:DisplayName xml:lang="en">Suomi.fi-identification</mdui:DisplayName>
<mdui:DisplayName xml:lang="sv">Suomi.fi-identifikation</mdui:DisplayName>
<mdui:Description xml:lang="fi">Suomi.fi-tunnistus</mdui:Description>
<mdui:Description xml:lang="en">Suomi.fi-identification</mdui:Description>
<mdui:Description xml:lang="sv">Suomi.fi-identifikation</mdui:Description>
<mdui:Logo height="70" width="752">https://tunnistaminen.suomi.fi/resources/img/logo_fi.svg</mdui:Logo>
</mdui:UIInfo>
</Extensions>
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate> MIIG/DCCBOSgAwIBAgISBwAAAXVFzV4S7D1jRKP8ubm/MA0GCSqGSIb3DQEBCwUA MHgxCzAJBgNVBAYTAkZJMSEwHwYDVQQKExhWYWVzdG9yZWtpc3RlcmlrZXNrdXMg Q0ExGjAYBgNVBAsTEVBhbHZlbHV2YXJtZW50ZWV0MSowKAYDVQQDEyFWUksgQ0Eg Zm9yIFNlcnZpY2UgUHJvdmlkZXJzIC0gRzMwHhcNMjAxMDIyMjEwMDAwWhcNMjIx MDIyMjA1OTU5WjCBkTELMAkGA1UEBhMCRkkxEDAOBgNVBAgMB0ZJTkxBTkQxETAP BgNVBAcMCEhlbHNpbmtpMSQwIgYDVQQKDBtEaWdpLSBqYSB2YWVzdG90aWV0b3Zp cmFzdG8xEjAQBgNVBAUTCTAyNDU0MzctMjEjMCEGA1UEAwwaaWRwLnR1bm5pc3Rh bWluZW4uc3VvbWkuZmkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv lFwmW2Q73bIsbPvrzxF9n3MK8/2dQge89c63S/dANmz/Yj0RAZyzrkd7EWe1mzRQ SrSXesS3gl4gNgJzZDcpiywi0FGggDViLlZGvNIDWqh6SYcO5nH7UT9ouKtiVFHe Eo59aMQ9rUaerCoNEpeeYxbsU83dAQkF1OH0W8V/94IUYac9mLDPD5FOUcAY0Kxy HeuppNuFCEGSYIsKqd0wU4CNE+wuPRCDTuGv+I8nIHwC75aaDFpacgGt0OXm7D3N 0BaBnyke0nrYMbqY+e1VpiOeADHrKokKWfOXkL6Y6eNYMx2MwuFTPOnMxSN50cQO DOIrvXuVuH9+lrYYOvFtyiH6wF6NkmYjUh2yNkwMtv20SGMy3CG2nfm6DlKFwDXQ zB5nUOe5YfTWFoQWR5NrwVEVCpTN+PVTzBNp8Ul+880+RP+aooWkv9+dt1ViwkEf KRvyAGSWPI8uX8z4+76PmHi0ZLSwrHNNGdB63xJ+wzxdmXg9BD4qHZ65j9ANBT8C AwEAAaOCAeQwggHgMB8GA1UdIwQYMBaAFGUE6C2S58sqq1cVqGUqqvq3FnT2MB0G A1UdDgQWBBTRhXY0Ah5dkNaYdSoWOKWHCS9yLjAOBgNVHQ8BAf8EBAMCBsAwgdcG A1UdIASBzzCBzDAIBgYEAI96AQcwgb8GCSqBdoQFAQoiATCBsTAnBggrBgEFBQcC ARYbaHR0cDovL3d3dy5maW5laWQuZmkvY3BzMzMvMIGFBggrBgEFBQcCAjB5GndW YXJtZW5uZXBvbGl0aWlra2Egb24gc2FhdGF2aWxsYSAtIENlcnRpZmlrYXQgcG9s aWN5IGZpbm5zIC0gQ2VydGlmaWNhdGUgcG9saWN5IGlzIGF2YWlsYWJsZSBodHRw Oi8vd3d3LmZpbmVpZC5maS9jcHMzMzAPBgNVHRMBAf8EBTADAQEAMDcGA1UdHwQw MC4wLKAqoCiGJmh0dHA6Ly9wcm94eS5maW5laWQuZmkvY3JsL3Zya3NwM2MuY3Js MGoGCCsGAQUFBwEBBF4wXDAwBggrBgEFBQcwAoYkaHR0cDovL3Byb3h5LmZpbmVp ZC5maS9jYS92cmtzcDMuY3J0MCgGCCsGAQUFBzABhhxodHRwOi8vb2NzcC5maW5l aWQuZmkvdnJrc3AzMA0GCSqGSIb3DQEBCwUAA4ICAQCvPOrBbewVj0k53+SbH1WD Jj8dRxuobURxZX5Gt/nKNVbkpd6mEBwgkzGVm54p709SN33iIqIu0RaZsCTBcv2x AzFFbQgG2FsiieswuDaGjlc2sFQ/G/1gerM1uazMGEbVRSMNc9sBTdnv4WSAr8X+ mgfCIqCr1tTZDduSNZZlloXjZP0sAQ4guLCe5nKuKsdWbikkwNAuA/X/UvnjRHNS 
df451po9xP0Dvk0y2QqOnp37vVo60fEdX88ht9BO8PkOS/v6mJ7kQh9iT92mpM3Z +q+HAwHd9ZxwGyrnr8H6QXhmA78pGvnUTCmPNHj/V/SZFZtd7Pr0rJPrAjvPP613 3dbubOY1hSH24Pke+8pRfiuVXbJebNdy9oAis70tUNYXY09ALLonukp/wS2/nN9J MwLPAvkFYTJ0wNdeIMTQPTjOysyjZ0M5+TzIzdDfEuNTv0nSxmIfoYl2sjSw+EI1 WbAozqPqiLMkdviyKDjt0Zqh+8pld4qv4Cg/pKOGWEU29nRZJR3gL3o8xzZF4DvP 3TjDMicMwMUZj6q7v2ulRTlW/4qtT/4jD0NknrOnFtFXBZYCThZh6UjnQJoXq6gN aM+H2TPeXJ8oXOAxGoRah+9j6I1rz5gZytYgWBxZIrokpRf3xOXHK1VSw3oU3ScL Ox442mPwg9Jex1Fu5RbArA== </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate> MIIG7DCCBNSgAwIBAgIEDB9zGzANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJG STEhMB8GA1UEChMYVmFlc3RvcmVraXN0ZXJpa2Vza3VzIENBMRowGAYDVQQLExFQ YWx2ZWx1dmFybWVudGVldDEqMCgGA1UEAxMhVlJLIENBIGZvciBTZXJ2aWNlIFBy b3ZpZGVycyAtIEczMB4XDTE5MDIwNzIyMDAwMFoXDTIxMDIwNzIxNTk1OVowgY8x CzAJBgNVBAYTAkZJMRAwDgYDVQQIEwdGaW5sYW5kMREwDwYDVQQHEwhIZWxzaW5r aTEeMBwGA1UEChMVVmFlc3RvcmVraXN0ZXJpa2Vza3VzMRowGAYDVQQLExFQYWx2 ZWx1dmFybWVudGVldDEfMB0GA1UEAxMWaWRwLnR1bm5pc3R1cy5zdW9taS5maTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAK9ooJFj6AL/c5YK9CCY4NE4 t9z8FtP7YlDuR8/2ti+BWTrBFhzW1sBg/zRcG3vHUwzmTiuh+T0Qsu0NjkI+jZ0P UGKoyvhrDnBOvKK6/GyHcWN3plJ3tfa30TUoWNTRsQBMA6t1hght8hlxOeS0zpxB mvDrShBIpnzIoLGmI3uIT9GkeJG6/TmNUOFFHb+/yU/NgC4Vq8orBeq1rRTRLs3v OW20KLC57xIWG/GbgthMCInAMACKHLAD6MmOdKAeQis/6MMiWT9i29NncajVYkU4 Bngoc/wnYvcifnJvR9BeZyD872aDDPVVIMUnRpNlIJcxWUX4lHQH6vGafHHkyeq9 DrWK4I8051o8J6A5hbwKeeJbZRofpl5Mn3CRjvQ3cWyYARtb9vJTLIzhv65G6dIr QwVRiaNKFqe5EVE/7GlFYcrW/kp/48C5OzHLpOsdoazdkMJBz7QQkLlZm9RvaLdS agWjWXv2xFpvLyLq0LqsSKys0Pg67ZwPFWrxQmNsGQIDAQABo4IB5DCCAeAwHwYD VR0jBBgwFoAUZQToLZLnyyqrVxWoZSqq+rcWdPYwHQYDVR0OBBYEFHRj6VoLoeAQ gJxAIpbUnr4lTGc9MA4GA1UdDwEB/wQEAwIGwDCB1wYDVR0gBIHPMIHMMAgGBgQA j3oBBzCBvwYJKoF2hAUBCiIBMIGxMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmZp bmVpZC5maS9jcHMzMy8wgYUGCCsGAQUFBwICMHkad1Zhcm1lbm5lcG9saXRpaWtr YSBvbiBzYWF0YXZpbGxhIC0gQ2VydGlmaWthdCBwb2xpY3kgZmlubnMgLSBDZXJ0 aWZpY2F0ZSBwb2xpY3kgaXMgYXZhaWxhYmxlIGh0dHA6Ly93d3cuZmluZWlkLmZp L2NwczMzMA8GA1UdEwEB/wQFMAMBAQAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDov L3Byb3h5LmZpbmVpZC5maS9jcmwvdnJrc3AzYy5jcmwwagYIKwYBBQUHAQEEXjBc MDAGCCsGAQUFBzAChiRodHRwOi8vcHJveHkuZmluZWlkLmZpL2NhL3Zya3NwMy5j cnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmZpbmVpZC5maS92cmtzcDMwDQYJ KoZIhvcNAQELBQADggIBAE2Fl/XPrY09yt3YEKJibai5BMoObu6PC8i8AY6Gzq8W tt97T6hfA0PYCstxHei1iZwJi8b9T7zK2TlNVMwzPfs7O12GN067kz2Jg13rbI09 dNO5IEQDj8eXvT2R8+eFmj6CKNQEtCN6v4oS4/69RZFpQulZR4CvccDQCaGKM2Fb TKcyfw/x1G4j6tcalq+2DInIyMMjbe8xqHQZgtThZ0MGxdQLkc49Ah70x4kQefvT 
d/BBRAHmdOjcqspgQXR5rZUUm+ay1ae8h7sRrvt01xd90zJNQ+uyNNNkTM6A5nsZ Bae5A69F4nQYTUHTOLpscJ26ny/3VXjwF1bVBQjRmeExrYwK3sANpEvNAY1ZyIcz M1ZNp1SiRZ14SZaVqGfhpTxJfxIxXC++wXOLwqSZdQdMvlslbfEXo7TdfSNzen11 E4DbPr818iM4Zpyj+pfxp51G6SrfPJwguHXdjaEK8SW1+GyM7eAOAmU5QxwCttTR MrB7fNk7k3Nnc29i3VI9GhDCRhhU81HeMQh6wezqKlNVxWgYmu8/gv6NlvI9wr2B toYKuWosrJF2JrSNIOajv8ovYdNEoxEyFcmukbkBFZvc3+6INU3NGU/zAsf8A0CH Sc3e44Z6IPIwZQLUIK8r2wV26YcEDEvNtrzvpqS1XoabwIsiPf97Zp6Y7tBnAaoX </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tunnistaminen.suomi.fi/idp/profile/SAML2/POST/SLO"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tunnistaminen.suomi.fi/idp/profile/SAML2/Redirect/SLO"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tunnistaminen.suomi.fi/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tunnistaminen.suomi.fi/idp/profile/SAML2/Redirect/SSO"/>
</IDPSSODescriptor>
<Organization>
<OrganizationName xml:lang="fi">Digi- ja väestötietovirasto</OrganizationName>
<OrganizationName xml:lang="en">Digital and Population Data Services Agency</OrganizationName>
<OrganizationName xml:lang="sv">Myndigheten för digitalisering och befolkningsdata</OrganizationName>
<OrganizationDisplayName xml:lang="fi">Digi- ja väestötietovirasto</OrganizationDisplayName>
<OrganizationDisplayName xml:lang="en">Digital and Population Data Services Agency</OrganizationDisplayName>
<OrganizationDisplayName xml:lang="sv">Myndigheten för digitalisering och befolkningsdata</OrganizationDisplayName>
<OrganizationURL xml:lang="fi">https://dvv.fi/etusivu</OrganizationURL>
<OrganizationURL xml:lang="en">https://dvv.fi/en/</OrganizationURL>
<OrganizationURL xml:lang="sv">https://dvv.fi/sv/</OrganizationURL>
</Organization>
<ContactPerson contactType="technical">
<GivenName>Suomi.fi-tunnistus</GivenName>
<SurName>Kayttoonotot</SurName>
<EmailAddress>mailto:tunnistus-kayttoonotot@dvv.fi</EmailAddress>
</ContactPerson>
<ContactPerson contactType="administrative">
<GivenName>Suomi.fi</GivenName>
<SurName>Palvelupiste</SurName>
<EmailAddress>mailto:suomi.fi-palvelupiste@dvv.fi</EmailAddress>
</ContactPerson>
</EntityDescriptor>
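
The change described above, turning a multi-entity <EntitiesDescriptor> file into one whose root is a single <EntityDescriptor>, can be scripted. The following Python is an added example, not Ubisecure's or Suomi.fi's code; the function names, the sample aggregate and the idp-old.example.invalid entityID are constructed for illustration. It also reports whether the root carries a signature with Reference URI="", which covers the whole file and therefore no longer matches once the file is edited, so signature verification belongs on the downloaded aggregate, before extraction.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Serialize with the same prefixes as the page's example file.
ET.register_namespace("", MD)
ET.register_namespace("ds", DS)
ET.register_namespace("mdui", "urn:oasis:names:tc:SAML:metadata:ui")

# Constructed sample aggregate (not the real Suomi.fi file).
SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo><ds:Reference URI=""/></ds:SignedInfo></ds:Signature>
  <EntityDescriptor entityID="https://idp-old.example.invalid/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://uusi.tunnistus.fi/idp1">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def extract_entity(aggregate_xml: str, entity_id: str) -> str:
    """Return a standalone <EntityDescriptor> document for entity_id."""
    root = ET.fromstring(aggregate_xml)
    if root.tag == f"{{{MD}}}EntityDescriptor":
        candidates = [root]  # already a single-entity file
    elif root.tag == f"{{{MD}}}EntitiesDescriptor":
        # iter() also reaches entities inside nested EntitiesDescriptor groups
        candidates = list(root.iter(f"{{{MD}}}EntityDescriptor"))
    else:
        raise ValueError(f"unexpected root element: {root.tag}")
    matches = [e for e in candidates if e.get("entityID") == entity_id]
    if len(matches) != 1:
        raise ValueError(f"expected one {entity_id!r}, found {len(matches)}")
    return ET.tostring(matches[0], encoding="unicode")


def signed_over_whole_document(aggregate_xml: str) -> bool:
    """True if the root has a signature whose Reference URI is "" (whole file).

    This only inspects the reference; it does not verify the signature.
    """
    path = f"{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    ref = ET.fromstring(aggregate_xml).find(path)
    return ref is not None and ref.get("URI") == ""
```
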

...