Remove md:RoleDescriptor elements from imported metadata.

These elements require additional schema definitions to be useful, and if those are not present at consuming entities schema validation errors will occur. We therefore strip them out entirely. This will mainly affect ADFS entities, but won't immediately allow those to be accepted as they also tend to have invalid AssertionConsumerService bindings.
internet2 · Dec 16, 2014 · 02f70b8 · 02f70b8
1 parent 1a75f3f
commit 02f70b8
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/mdx/clean-import.xsl b/mdx/clean-import.xsl
@@ -22,6 +22,9 @@
 	<xsl:template match="md:EntityDescriptor/@cacheDuration"/>
 	<xsl:template match="md:EntityDescriptor/@validUntil"/>
 
+	<!-- Remove md:RoleDescriptor elements, which require additional schemas to be available. -->
+	<xsl:template match="md:RoleDescriptor"/>
+
 	<!-- strip xml:base entirely -->
 	<xsl:template match="@xml:base"/>