Solutions

Data does not conform to schema error in SAML2 federation when AM (All versions) is federating with a third-party provider

Last updated Oct 19, 2020

The purpose of this article is to provide assistance if you see a "Data does not conform to schema" error when AM is federating with a third-party entity provider. AM can be either the hosted Identity Provider (IdP) or the hosted Service Provider (SP).


Symptoms

The following error is shown in the Federation debug log:

com.sun.identity.saml2.common.SAML2Exception: Data does not conform to schema.

The lines preceding this error will give more information on where the issue is occurring, for example:

  • Issue with the AuthnRequest:
    ERROR: UtilProxySAMLAuthenticator.getAuthnRequest:
    com.sun.identity.saml2.common.SAML2Exception: Data does not conform to schema.
       at com.sun.identity.saml2.protocol.impl.AuthnRequestImpl.validateSignature(AuthnRequestImpl.java:815)
       at com.sun.identity.saml2.protocol.impl.AuthnRequestImpl.parseDOMElement(AuthnRequestImpl.java:686)
       at com.sun.identity.saml2.protocol.impl.AuthnRequestImpl.<init>(AuthnRequestImpl.java:91)
  • Issue with the SAMLResponse:
    ERROR: SPACSUtils.getResponse: Exception when instantiating SAMLResponse:
    com.sun.identity.saml2.common.SAML2Exception: Data does not conform to schema.
       at com.sun.identity.saml2.protocol.impl.ResponseImpl.parseElement(ResponseImpl.java:167)
       at com.sun.identity.saml2.protocol.impl.ResponseImpl.<init>(ResponseImpl.java:294)
       at com.sun.identity.saml2.protocol.ProtocolFactory.createResponse(ProtocolFactory.java:1419)

Recent Changes

Configured SAML2 federation with a new third-party entity provider.

Updated an existing SAML2 federation with a third-party entity provider.

Causes

The XML received from the third-party entity provider is in violation of the SAML2 XSD schema.

Solution

This is not an issue with AM. This issue can be resolved by contacting your third-party entity provider and requesting they correct the issue(s) causing the schema violation.

You can find more details about the actual cause by validating the XML yourself using the SAML Developer Tools page "Validate XML with the XSD schema". Ensure you select the schema that matches the message type indicated in the debug log.
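For a first look that keeps the message on your own machine, the following added example (not ForgeRock code, and not a substitute for full XSD validation) checks the top-level constraints that the SAML 2.0 protocol schema places on samlp:Response and samlp:AuthnRequest: required attributes, ID format and child element order. The function name schema_findings and the sample message are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Child sequence of the top-level types in saml-schema-protocol-2.0.xsd:
# (allowed element names, minOccurs, maxOccurs or None for unbounded).
HEAD = [((A + "Issuer",), 0, 1), ((DS + "Signature",), 0, 1), ((P + "Extensions",), 0, 1)]
MODELS = {
    P + "AuthnRequest": HEAD + [((A + "Subject",), 0, 1), ((P + "NameIDPolicy",), 0, 1),
                                ((A + "Conditions",), 0, 1),
                                ((P + "RequestedAuthnContext",), 0, 1), ((P + "Scoping",), 0, 1)],
    P + "Response": HEAD + [((P + "Status",), 1, 1),
                            ((A + "Assertion", A + "EncryptedAssertion"), 0, None)],
}
NCNAME = re.compile(r"[^\W\d][\w.\-]*$")  # approximation of xs:ID (no leading digit, no colon)
# Constructed, abbreviated sample: ds:Signature placed after samlp:Status, ID starts with a digit.
SAMPLE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
          'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="123abc" Version="2.0" '
          'IssueInstant="2020-10-19T10:00:00Z"><saml:Issuer>idp.example.com</saml:Issuer>'
          '<samlp:Status/><ds:Signature/></samlp:Response>')


def schema_findings(xml_text):
    """Return a list of top-level schema violations (empty list = none found)."""
    root = ET.fromstring(xml_text)
    model = MODELS.get(root.tag)
    if model is None:
        return ["unsupported or wrongly namespaced root element: " + root.tag]
    findings = ["missing required attribute " + a  # use="required" in the XSD
                for a in ("ID", "Version", "IssueInstant") if a not in root.attrib]
    if "ID" in root.attrib and not NCNAME.match(root.attrib["ID"]):
        findings.append("ID is not a valid xs:ID: " + root.attrib["ID"])
    slot, counts = 0, [0] * len(model)
    for child in root:
        # A child may only match the current slot or a later one in the sequence.
        nxt = next((i for i in range(slot, len(model)) if child.tag in model[i][0]), None)
        if nxt is None:
            findings.append("element not allowed at this position: " + child.tag)
            continue
        slot = nxt
        counts[slot] += 1
    for (names, lo, hi), n in zip(model, counts):
        if n < lo:
            findings.append("missing required element " + names[0])
        elif hi is not None and n > hi:
            findings.append("too many occurrences of " + names[0])
    return findings
```

Calling schema_findings(SAMPLE) reports the invalid ID and the misplaced ds:Signature; an empty list only means no top-level violation was found, so deeper elements still need the XSD.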

See Also

SAML v2.0 Guide

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright © 2020 ForgeRock, all rights reserved.