Error ""faultstring":"ValidateSAMLAssertion[SAML]: Unable to resolve xpath" with SAML validation policy

anonymous · September 28, 2017, 6:51am

We are seeing the following error while using ValidateSAMLAssertion policy:

"fault":{"faultstring":"ValidateSAMLAssertion[SAML]: Unable to resolve xpath \/s:Envelope\/s:Header\/o:Security\/saml:Assertion to a SAML Assertion","detail":{"errorcode":"steps.saml.validate.XPathResolutionFailed"}}}

The policy looks like below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion name="SAML" ignoreContentType="false">
   <Source name="request">
       <Namespaces>
           <Namespace prefix="s">http://www.w3.org/2003/05/soap-envelope</Namespace>
           <Namespace prefix="o">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</Namespace>
           <Namespace prefix="saml">urn:oasis:names:tc:SAML:1.0:assertion</Namespace>
       </Namespaces>
       <XPath>/s:Envelope/s:Header/o:Security/saml:Assertion</XPath>
   </Source>
   <TrustStore>knab-saml-nonprod</TrustStore>
   <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>

The SAML 1.0 assertion is being used here. However, it is not supported in Edge.

We need some urgent help on this. Can someone let me know if there’s any alternate way/workaround to be able to use SAML 1.0 ?

Thanks.

anonymous · October 2, 2017, 7:54pm

Hi ,

the error from Apigee Edge indicates that the XPAth you provided is not returning a SAML Assertion.

Does it? Can you show the source request/ . Is the content-type an XML content-type? (application/xml or text/xml) ?

Topic		Replies	Views
Null pointer exception in SAML validation. Apigee apigee-general , api-security	2	11	July 3, 2023
SAML validation xpath for Azure AD saml Apigee api-runtime	5	17	May 24, 2020
Saml Validation Apigee apigee-x	4	30	February 13, 2023

Error ""faultstring":"ValidateSAMLAssertion[SAML]: Unable to resolve xpath" with SAML validation policy

AI Suggested topics