Basically the IDP Entity descriptor XML generated by our IDP infrastructure (base on Novell Access Manager) produce a parsing exception while being processed by picketlink.

This parsing exceptions come from a couple of tags and attributes that picketlink seems to get stuck into.

Till now the troublesome tags are:

1) <md:SPSSODescriptor AuthnRequestsSigned="true" ID="id92GPKNKlFZk7.cvYVWEyL8QtWWw" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

The attribute AuthnRequestsSigned="true" is mandatory.

2) <md:IDPSSODescriptor ID="iduJi627sd6xPmFRXzCmY8zRXGu7U" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

The attribute WantAuthnRequestsSigned="true" is mandatory.

3) <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

The entire tag produce a parsing exception.

4)<md:AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://namx.corp.x.net/nidp/saml2/soap" />

The entire tag produce a parsing exception.

5)<md:AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="https://namx.corp.x.net/nidp/saml2/assertion" />

The entire tag produce a parsing exception.