I am running into this issue with my SAML. Has anyone ran into this issue?
[idpMetadata]
[Invalid SAML metadata: cvc-complex-type.2.4.a: Invalid content was found starting with element ‘SingleLogoutService’. One of ‘{“urn:oasis:names:tc:SAML:2.0:metadata”:NameIDFormat, “urn:oasis:names:tc:SAML:2.0:metadata”:SingleSignOnService}’ is expected.]
[org.sonatype.nexus.validation.ConstraintViolationFactory$HelperBean@c5170c3]
This indicates a problem with the saml xml. Which SAML provider are you using?
We are using GCDS not sure if your familiar with that IdP.
Are you referring to Google Cloud Director Sync? Unfortunately that’s not one of the SAML providers we tested with so I can’t guarantee our SAML implementation will work with it. That said, you may be able to simply remove some of the tags from your xml metadata to get things working. Here is a minimal example I found from some of our azure testing (hashes and certificates replaced for conciseness).
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="id" entityID="https://sts.windows.net/hash/">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
certificate goes here
</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/hash/saml2"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/hash/saml2"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/hash/saml2"/>
</IDPSSODescriptor>
</EntityDescriptor>