Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CIE public SP metadata validation - VATNumber not recognized? #115

Open
lscorcia opened this issue Dec 6, 2021 · 9 comments · Fixed by #148 · May be fixed by #149
Open

CIE public SP metadata validation - VATNumber not recognized? #115

lscorcia opened this issue Dec 6, 2021 · 9 comments · Fixed by #148 · May be fixed by #149
Labels
already done

Comments

@lscorcia
Copy link

lscorcia commented Dec 6, 2021

CIE SP metadata description at https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/federazione.html#informazioni-di-censimento-e-contatto mentions the VATNumber and FiscalCode attributes as mandatory for private SPs and optional for public ones.
However when running spid_sp_test --metadata-url https://sso.mise.gov.it/sso-metadata/metadata-cieid --profile cie-sp-public I get the following error:

immagine

I guess either the XSD is missing those attributes or the mentioned specs are obsolete.
@peppelinux
Copy link
Member

Ciao @lscorcia

from a quick look it seems to me that the problem is that you inserted the element vatnumber or fiscalnumber in a wrong position. Unfortunately the xsd scheme is very rigid on the position of the elements. If it is this we could update the manual in this regard. Let us know if it comes back to you

@lscorcia
Copy link
Author

lscorcia commented Dec 7, 2021

Well, the ##other directive would probably allow them if I put them at the end, but looking at the XSD file it seems like there are other differences to the published spec:

  • For private SPs, FiscalCode and VATNumber are marked as minOccurs="0", while they should be present exactly once:

spid-sp-test/src/spid_sp_test/xsd/cie/cie.xsd

Lines 27 to 34 in 512a5be

<group name="PrivateGroup">
<sequence>
<element ref="cie:Private"/>
<element ref="cie:VATNumber" minOccurs="0"/>
<element ref="cie:FiscalCode" minOccurs="0" />
<element ref="cie:NACE2Code" minOccurs="0" />
</sequence>
</group>

  • For public SPs, the elements as described in the code above would be correct.

This leads me to think that maybe it's a copy/paste mistake in the XSD. The elements definition in the private section should actually be in the public one, and the private one should be corrected with minOccurs="1".

@peppelinux
Copy link
Member

We're waiting for a PR from the authors of the XSD file

@PiemP
Copy link

PiemP commented Sep 12, 2022

I hope is the right way to report it. I have a similar issue on the NACE2Code tag:

ERROR:spid_sp_test.metadata:Test https://host.docker.internal:5001/metadata-cie/metadata.xml with saml-schema-metadata-sp-cie.xsd: failed validating <Element '{urn:oasis:names:tc:SAML:2.0:metadata}Extensions' at 0x7f7ae29af630> with XsdGroup(model='sequence', occurs=[1, 1]):

Reason: Unexpected child with tag 'cie:NACE2Code' at position 4. Tag 'cie:Municipality' expected.

Schema:

  <complexType xmlns="http://www.w3.org/2001/XMLSchema" name="ContactPersonSPExtensionType">
      <sequence>
          <choice>
              <group ref="cie:PublicGroup" maxOccurs="1" />
              <group ref="cie:PrivateGroup" maxOccurs="1" />
          </choice>
          <element ref="cie:Municipality" minOccurs="1" maxOccurs="1" />
          <element ref="cie:Province" minOccurs="0" maxOccurs="1" />
          <element ref="cie:Country" minOccurs="0" maxOccurs="1" />
          <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
      </sequence>
  </complexType>

Instance:

  <md:Extensions xmlns:cie="https://www.cartaidentita.interno.gov.it/saml-extensions" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:p7="http://www.w3.org/2001/XMLSchema-instance"><cie:Public p7:type="q1:string" /><cie:IPACode>codiceIPA_SP</cie:IPACode><cie:IPACategory>categoriaIPA_SP</cie:IPACategory><cie:NACE2Code>CODICE_ATECO</cie:NACE2Code><cie:Municipality>CODICE_ISTAT_SEDE</cie:Municipality><cie:Country>IT</cie:Country></md:Extensions>

Path: /md:EntityDescriptor/md:ContactPerson[1]/md:Extensions

ERROR:spid_sp_test.metadata:Test https://host.docker.internal:5001/metadata-cie/metadata.xml with saml-schema-metadata-sp-cie.xsd

I believe the order is correct but spid-sp-test give me this error. I believe it's necessary to fix the definition of the NACE2Code tag to mark it's maxOccurs as unbounded according to this definition https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/federazione.html#informazioni-di-censimento-e-contatto.

@PiemP PiemP mentioned this issue Sep 12, 2022
Closed
@peppelinux peppelinux mentioned this issue Sep 12, 2022
Merged
@peppelinux
Copy link
Member

The PR below solves this issue
#148

@PiemP
Copy link

PiemP commented Sep 13, 2022

Well, the ##other directive would probably allow them if I put them at the end, but looking at the XSD file it seems like there are other differences to the published spec:

  • For private SPs, FiscalCode and VATNumber are marked as minOccurs="0", while they should be present exactly once:

spid-sp-test/src/spid_sp_test/xsd/cie/cie.xsd

Lines 27 to 34 in 512a5be

<group name="PrivateGroup">
<sequence>
<element ref="cie:Private"/>
<element ref="cie:VATNumber" minOccurs="0"/>
<element ref="cie:FiscalCode" minOccurs="0" />
<element ref="cie:NACE2Code" minOccurs="0" />
</sequence>
</group>

  • For public SPs, the elements as described in the code above would be correct.

This leads me to think that maybe it's a copy/paste mistake in the XSD. The elements definition in the private section should actually be in the public one, and the private one should be corrected with minOccurs="1".

I'm sorry, probably my comment have create some misunderstanding. The PR #148 solve the definition of the NACE2Code element but the ContactPerson item reamain wrong. The choice tag in the xsd allow only one of the two element between PublicGroup and PrivateGroup: but a PA could have a FiscalCode or a VATNumber or a ATECO code (NACE2Code tag). If you want I could make a PR for you.

@peppelinux peppelinux reopened this Sep 13, 2022
@peppelinux
Copy link
Member

Yes please

@PiemP PiemP linked a pull request Sep 13, 2022 that will close this issue
Open
@peppelinux
Copy link
Member

Ciao, i nuovi files XSD condivisi dai colleghi di IPZS sono stati aggiornati in questa release
https://github.com/italia/spid-sp-test/releases/tag/v1.2.11
Questo problema è ancora presente a seguito di questo aggiornamento?

@PiemP
Copy link

PiemP commented Dec 14, 2022

Ciao, i nuovi files XSD condivisi dai colleghi di IPZS sono stati aggiornati in questa release https://github.com/italia/spid-sp-test/releases/tag/v1.2.11 Questo problema è ancora presente a seguito di questo aggiornamento?

seems a big change with a lot of potentially issue:

Probably I need to test it before say that, but I'm near to my Christmas vacations. I don't know when I can test it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
already done
Projects
None yet
Milestone
No milestone
3 participants
@peppelinux @PiemP @lscorcia