By: Ramkumar Chandrasekaran user 13 Apr 2017 at 1:30 a.m. CDT

11 Responses
We are using Gluu version 3.0.1.2.1 and configuring SP metadata on RHEL 7.2. Getting the below error while configuring the Trust Relationship:

```
schema_reference.4: Failed to read schema document 'http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
```

Based on existing support tickets, understood that removing SLO elements in idp metadata xml. But still getting error in "Add Trust Relationship" while setting up metadata configuration.

Thanks
Regards
Ramkumar.C

By Mohib Zico staff 13 Apr 2017 at 1:36 a.m. CDT

> schema_reference.4: Failed to read schema document 'http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.

Most probably it's an SP metadata issue. The SP metadata is not Shibboleth compatible.

By Aliaksandr Samuseu staff 13 Apr 2017 at 9:16 a.m. CDT

Hi, Ramkumar, Zico.

We already have a [similar ticket](https://support.gluu.org/single-sign-on/3995/saml-authentication-with-nextcloud/) with the same metadata validation errors mentioned.

One thing I've just thought about: you may need to ensure that it's possible to contact the external Internet from within the container. Check that you can do `# ping google.com` from inside the container successfully. Maybe some name resolution or connectivity issues prevent it from completing certain validation steps?

Please also share your SP's metadata with us.

By Ramkumar Chandrasekaran user 13 Apr 2017 at 10:30 a.m. CDT

Please find my SP metadata - Spring SAML. We do not have internet from IDP or SP. In Gluu 2.x the same configuration working fine. So we have this problem in Gluu 3.x. We need to configure idp/sp without out internet. <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="ramspcot" entityID="ramspcot"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#ramspcot"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kgCRiZxX3+zlcmfjx9GQ+xfn8XA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>T81VFQLktOcj1OLGdocJdVaxsHZjbRtyrAuNgYFMD4cU/gV3L7v6cL/iQOQBfqTbuTX72zrZOkXqQMx+j95vwWdc4jRKa5py2qtwsKU7pv+BEb6hjd3dGCCC0mbUAOkU9PRmQtLG9WK2K1zfmEZWFgKjcSC7zSws3alt9at3dPe6CKv7STyi1nv9tTJ2Blkf/JAxMvbQtVOxJ+TK3JQRFDXRBGbnHNh155p0aElcTxiVrfVRGLPBW3nmlWZULFyfPPqJhbIB/tAS9TAVmO2HKyR1iZeNd7sffWzpMJqt+MpVzqq7ajw8wgHLYSDeodmDaIeZC0gyVfq/NjB27buDsmw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC+zCCAeOgAwIBAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn 
RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:Extensions><idpdisco:DiscoveryResponse xmlns:idpdisco="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://tenant1.mydomain.com/saml/login?disco=true"/></md:Extensions><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC+zCCAe1OgAwIBAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz 
MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC+zCCAeOgAwI2BAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxqvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor> <!--<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tenant1.mydomain.com/saml/SingleLogout"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tenant1.mydomain.com/saml/SingleLogout"/> --> 
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tenant1.mydomain.com/saml/SSO" index="0" isDefault="true"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://tenant1.mydomain.com/saml/SSO" index="1"/></md:SPSSODescriptor></md:EntityDescriptor>

By Mohib Zico staff 14 Apr 2017 at 5:18 a.m. CDT

I tried to 'validate' your metadata and it's not validating. Here are invalid syntax. You can also use saml validator if you want. ``` Line: 1 | Column: 0 --> Element '{http://www.w3.org/2000/09/xmldsig#}SignatureValue': 'T81VFQLktOcj1OLGdocJdVaxsHZjbRtyrAuNgYFMD4cU/gV3L7v6cL/iQOQBfqTbuTX72zrZOkXqQMx+j95vwWdc4jRKa5py2qtwsKU7pv+BEb6hjd3dGCCC0mbUAOkU9PRmQtLG9WK2K1zfmEZWFgKjcSC7zSws3alt9at3dPe6CKv7STyi1nv9tTJ2Blkf/JAxMvbQtVOxJ+TK3JQRFDXRBGbnHNh155p0aElcTxiVrfVRGLPBW3nmlWZULFyfPPqJhbIB/tAS9TAVmO2HKyR1iZeNd7sffWzpMJqt+MpVzqq7ajw8wgHLYSDeodmDaIeZC0gyVfq/NjB27buDsmw==' is not a valid value of the atomic type 'xs:base64Binary'. Line: 1 | Column: 0 --> Element '{http://www.w3.org/2000/09/xmldsig#}X509Certificate': 'MIIC+zCCAe1OgAwIBAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=' is not a valid value of the atomic type 'xs:base64Binary'. 
Line: 1 | Column: 0 --> Element '{http://www.w3.org/2000/09/xmldsig#}X509Certificate': 'MIIC+zCCAeOgAwI2BAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxqvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=' is not a valid value of the atomic type 'xs:base64Binary'. ```
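The `xs:base64Binary` errors above can be reproduced offline before a trust relationship is uploaded. The following is an added example, not part of the thread and not Gluu code: it checks every xmldsig element typed `xs:base64Binary` in a metadata file. The sample metadata and its certificate values are constructed placeholders.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# xmldsig elements whose content is typed xs:base64Binary
BASE64_ELEMENTS = ("SignatureValue", "DigestValue", "X509Certificate")

# Constructed sample: the first certificate value is valid base64 (with a
# line-wrap space), the second has one stray character inserted.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="example-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3Ry dWN0ZWQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RyXdWN0ZWQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def base64_problem(text):
    """Return None if text is acceptable base64, else a short reason."""
    compact = re.sub(r"\s+", "", text or "")  # wrapped lines are permitted
    if not compact:
        return "empty value"
    if len(compact) % 4:
        return f"length {len(compact)} is not a multiple of 4"
    try:
        base64.b64decode(compact, validate=True)  # rejects foreign characters
    except binascii.Error as exc:
        return str(exc)
    return None


def check_metadata(xml_text):
    """Return (element name, reason) for each malformed base64 value."""
    # For metadata from an untrusted party, parse with a hardened parser
    # (for example defusedxml) instead of the stdlib one.
    root = ET.fromstring(xml_text)
    findings = []
    for name in BASE64_ELEMENTS:
        for elem in root.iter(f"{{{DS}}}{name}"):
            reason = base64_problem(elem.text)
            if reason:
                findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in check_metadata(SAMPLE):
        print(f"ds:{name}: {reason}")
```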

By Ramkumar Chandrasekaran user 16 Apr 2017 at 6:22 p.m. CDT

Please find updated valid metdata (Checked with SAML validator) tested with 3.0.1.2.1 Gluu IDP, still getting same error in "schema_reference.4: Failed to read schema document 'http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>." <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="localhost-demo" entityID="localhost-demo"><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC+zCCAeOgAwIBAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC+zCCAeOgAwIBAgIJAIU7CnmezGizMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2Fs aG9zdDAeFw0xNjA0MDMwMjEwMjVaFw0yNjA0MDEwMjEwMjVaMBQxEjAQBgNVBAMMCWxvY2FsaG9z dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1NO3L/yCCb+MYFkypvJXcjlQuyRG7U FATYOYQZzIxsD9AtnXPh67uVkZTIoK7Ps5X4a5qVARtdN+GCFZ/ITahlAlIx8rmVsbz+7XPWpGPf 75tKbem3pON2NlYWwIEQqyuValZHDUMgIXPdGIAZeNejVu7gYMLJwiSMtB0uBM69ptzgigJcbnup /cSLW4fBh4ck5kj0SVmX58knfaizrVf+ghGyNFha9Xy+DoilCofxwFIpVskv/hczZ5L+e81R+u2U bNzRwf8paF5fdVwaHPGLOYSBGjSm71VDdJqlvKrJCBoCQODhtmJOmDHDjtf6gwwbdg3g9GvyqIJn RqBO908CAwEAAaNQME4wHQYDVR0OBBYEFMNtl5fAchs35gZS4EF8/0C7QfBQMB8GA1UdIwQYMBaA FMNtl5fAchs35gZS4EF8/0C7QfBQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADV L8LgYGlmaHlyrKyKfsQFTVbdT1Fk3WaGocVbhmvFeEBHScSJNR0syDcDM1C18pZ6Jc73cW7UdtLb LbRNPXS+qcp5GZroafndPIL2QzdKXfc5MiGH7CRCZit9kiNJ6YYgsztappXnwKblioJHB1BcoLRz MeD295DAGLEVuc5tSY7JHBD3YQS9Pwt3ivrvvCzFKOU9nHqChMCplO4StGpSbbSR6XNgsPA0XLWl leuTqLGvJ4bHXPKC+0Y+0AiQYx3GeWLVrwJ4w+PFEK73vyuB9H10x+zy1nFWvqoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tenant1.mydomain.com/saml/SingleLogout"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://tenant1.mydomain.com/saml/SingleLogout"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://tenant1.mydomain.com/saml/SSO" index="0" isDefault="true"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://tenant1.mydomain.com/saml/SSO" index="1"/></md:SPSSODescriptor></md:EntityDescriptor> Can you please help us. Thanks Regards Ramkumar.C

By Michael Schwartz Account Admin 17 Apr 2017 at 10:54 a.m. CDT

Dmitry, can you take a look at this issue?

By Dmitry Ognyannikov user 18 Apr 2017 at 10:58 a.m. CDT

Hi, Ramkumar Ch

I've created an issue: https://github.com/GluuFederation/oxTrust/issues/529

In process...

By Dmitry Ognyannikov user 21 Apr 2017 at 9:06 a.m. CDT

Hi, Ramkumar Ch

I found that it is not a problem of the validation phase... It's a problem of unstable networks, where the Schema class cannot download all XSD files from www.w3.org, shibboleth.net, etc. Your second metadata file is OK and the validator itself is OK, but some kind of network error happened.

I'm adding a handler for this case (add without validation if some sites are inaccessible, with a warning in the UI).
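On a host with no Internet access, the fetches that fail are the ones named by absolute `schemaLocation` URLs in the schema set. The following is an added example, not part of the thread and not the oxTrust fix: it lists those remote references in an XSD and maps each one to a local file name that a resolver or XML catalog could serve instead. The schema excerpt is constructed and `/opt/schemas` is a hypothetical directory.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XS = "http://www.w3.org/2001/XMLSchema"

# Constructed excerpt in the style of a SAML schema's import section; the
# remote URL is the one from the error message in this thread.
SAMPLE_XSD = """<schema xmlns="http://www.w3.org/2001/XMLSchema"
    targetNamespace="urn:oasis:names:tc:SAML:2.0:metadata">
  <import namespace="http://www.w3.org/2000/09/xmldsig#"
      schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
  <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
      schemaLocation="saml-schema-assertion-2.0.xsd"/>
  <import namespace="http://www.w3.org/XML/1998/namespace"/>
</schema>"""


def remote_schema_refs(xsd_text):
    """Return (tag, namespace, url) for each reference that needs the network."""
    root = ET.fromstring(xsd_text)
    refs = []
    for tag in ("import", "include", "redefine"):
        for elem in root.iter(f"{{{XS}}}{tag}"):
            loc = elem.get("schemaLocation", "")
            # Relative or missing locations resolve locally; only absolute
            # network URLs trigger a download attempt.
            if urlparse(loc).scheme in ("http", "https", "ftp"):
                refs.append((tag, elem.get("namespace"), loc))
    return refs


def offline_plan(xsd_text, local_dir):
    """Map each remote schema URL to the local copy that should replace it."""
    plan = {}
    for _tag, _ns, url in remote_schema_refs(xsd_text):
        file_name = urlparse(url).path.rsplit("/", 1)[-1]
        plan[url] = f"{local_dir.rstrip('/')}/{file_name}"
    return plan


if __name__ == "__main__":
    # /opt/schemas is a hypothetical location for pre-downloaded XSD files.
    for url, path in offline_plan(SAMPLE_XSD, "/opt/schemas").items():
        print(f"{url}\n  -> {path}")
```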

By Ramkumar Chandrasekaran user 21 Apr 2017 at 11:12 a.m. CDT

Please let me know if any patch needs to be applied on Gluu 3.0.1.2.1 or if changes are needed in the metadata schema values for testing from my end.

Thanks
Regards
Ramkumar.C

By Ramkumar Chandrasekaran user 05 May 2017 at 4:14 p.m. CDT

To solve the issue, we manually created the SP metadata XML at the path `/opt/gluu-server-3.0.1/opt/shibboleth-idp/metadata/23FB08841EEA8C240002F04874B20006E3C9DC38-sp-metadata.xml`. Restart the Shibboleth IdP and oxTrust -> SAML -> Trust Relationship will show active status, but the validation is shown as "Validation Failed". Still, the SAML IDP/SP integration works perfectly.

Thanks
Ramkumar.C

By Dmitry Ognyannikov user 31 May 2017 at 10:48 a.m. CDT

Resolved in gluu-server 3.0.2