CIE private SP - command not reporting issues concerning certificate, while https://federazione.servizicie.interno.gov.it does
hello96 opened this issue · 2 comments
Hi there,
I'm opening an issue to share my experience with spid-sp-test in order to improve this already awesome tool, as agreed with @peppelinux.
I'm following the procedure to become a CIE private SP and yesterday, when uploading my metadata to https://federazione.servizicie.interno.gov.it, I got the following error:
[/EntityDescriptor/Signature/KeyInfo/X509Data/X509Certificate] Certificato non valido.
Therefore I analyzed the metadata with spid-sp-test, using the docker image http://ghcr.io/italia/spid-sp-test:latest.
It came out that there were no errors concerning the certificate, just a "Missing ContactPerson/Extensions/Private, this element MUST be present" (I had previously seen an issue on this repo dealing with that, so I knew it was not a problem in my case).
After that I updated the acs and logout endpoints' locations (I am using the CIE ID provider for keycloak https://github.com/lscorcia/keycloak-cieid-provider, so maybe my updates also affected something I might not be aware of 😃) and the next validation through https://federazione.servizicie.interno.gov.it passed like a charm.
Hope this can help 😄
thx @hello96 and sorry for the huge delay in answering!
how can we fix this issue?
is this issue raised for private sector CIE SP?
it seems to me that spid-sp-test CIE SP checks this behaviour as the metadata was for SPID, and you're telling us that it should not do this check?