"Source not configured in { }" error with Validate SAML Assertion policy

Google Cloud Apigee
1

I’m trying to do a spike of an API proxy that needs to validate a SAML token on inbound requests. I have a Validate SAML Assertion policy that looks like the following:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="MySamlValidation">
    <DisplayName>MySamlValidation</DisplayName>
    <Source name="request">
        <XPath>/Envelope/Header/Security/saml:Assertion</XPath>
    </Source>
    <Description/>
    <TrustStore>mytruststore</TrustStore>
    <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>

Whenever I try to deploy (and sometimes save) the configuration I get the aforementioned error ( “Source not configured in { }.” ). The “Source” element is present with what seems to be a valid configuration according to the documentation. What am I missing?

1 Like
2

Adding the Namespaces element fixed this issue for me. Now the policy looks like the following:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="Validate-SAML-Assertion-1">
    <Source name="request">
        <Namespaces>
            <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
            <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
        </Namespaces>
        <XPath>/samlp:Response/saml:Assertion</XPath>
    </Source>
    <TrustStore>mytrustore</TrustStore>
    <RemoveAssertion>false</RemoveAssertion>
    <DisplayName>ValidateSAMLAssertion</DisplayName>
</ValidateSAMLAssertion>
1 Like