mace-opensaml-users - RE: can't validate signature on SAML1.1 response from Shibboleth 1.3.2 IDP

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: can't validate signature on SAML1.1 response from Shibboleth 1.3.2 IDP
  • Date: Sat, 5 May 2007 15:30:34 -0400

> The errors here remind me very much of the "ID-ness" problems discussed in
> earlier threads. But I've stared at the xml long and hard, and believe
> that the ID attributes in the Shibboleth SAML1.1 response are in place.

It is an ID error, the rest is meaningless in the face of that. Whether
they're "in place" or not isn't the point. If you don't validate, IDness is
undefined as a concept (technically only DTD validation allows it, but
schemas are informally able to establish them).

Absent validation (or the new xml:id thing), IDness is a hack that can't be
dealt with other than by brute force knowledge of what the ID attributes
are, so something in the code has to set IDness, in this case the
unmarshaller. If the ID isn't getting set, then the code has a bug or you're
bypassing it in some way.

There were various ID setting bugs fixed recently, but there might still be
more.

-- Scott
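
The point made in the message above, that without validation some code has to set IDness from knowledge of what the ID attributes are, shown as an added example (not part of the original message and not OpenSAML's own code). It uses the plain JAXP DOM API; the class name `SamlIdness`, the helper `registerIds` and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlIdness {
    // SAML 1.1 ID attributes keyed by element local name (the "brute force knowledge").
    static final Map<String, String> ID_ATTRS = Map.of(
        "Response", "ResponseID", "Request", "RequestID", "Assertion", "AssertionID");

    // Flag the known ID attributes as IDs so "#fragment" references can be resolved.
    static void registerIds(Document doc) {
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            String ns = e.getNamespaceURI();
            // Only SAML 1.x elements qualify; same-named elements elsewhere are ignored.
            if (ns == null || !ns.startsWith("urn:oasis:names:tc:SAML:1.0:")) continue;
            String attr = ID_ATTRS.get(e.getLocalName());
            if (attr != null && e.hasAttributeNS(null, attr)) {
                e.setIdAttributeNS(null, attr, true);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a trimmed SAML 1.1 response with the signature body omitted.
        String xml = "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:1.0:protocol'"
            + " xmlns:ds='http://www.w3.org/2000/09/xmldsig#' ResponseID='_r1'>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#_r1'/></ds:SignedInfo></ds:Signature>"
            + "</samlp:Response>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // no DTD or schema validation is configured
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        Element ref = (Element) doc.getElementsByTagNameNS(
            "http://www.w3.org/2000/09/xmldsig#", "Reference").item(0);
        String id = ref.getAttribute("URI").substring(1); // strip the leading '#'

        // First lookup runs before any attribute has been registered as an ID.
        System.out.println("before registerIds: " + doc.getElementById(id));
        registerIds(doc);
        Element target = doc.getElementById(id);
        System.out.println("after registerIds:  " + (target == null ? null : target.getNodeName()));
    }
}
```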
