Problem with DTD error - some xml method does not work

I have an error like this:

For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

This error occurs in this method, could you check?

entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
Mateusz Kaleta asked Nov 07 '25 01:11


2 Answers

The same error happened to me when I tried to follow the guidance from Okta. Later I realized that I had used the wrong URL. Instead of the metadata URL, I had used the Identity Provider Single Sign-On URL.

At first I tried to load the metadata from a file with entityDescriptor.ReadIdPSsoDescriptorFromFile. There I took the correct metadata, and later I realized the mistake with the URL.

With Okta the URL should look like:

  • https://dev-92799999.okta.com/app/exk59ob18tTqAxxxxx/sso/saml/metadata

The wrong one I used was:

  • https://dev-92799999.okta.com/app/dev-92785832_oktasamlexample_1/exk59ob18tTqAxxxxx/sso/saml
mybrave answered Nov 11 '25 06:11


I was finally able to find a solution to this problem. The question originally didn't tag "Okta" or "C#", but I believe this error was encountered when trying to follow the setup instructions here:

https://developer.okta.com/blog/2020/10/23/how-to-authenticate-with-saml-in-aspnet-core-and-csharp

As noted in the article, open the SAML Setup Instructions, which can (currently) be found by clicking the "Sign On" tab of your application:

Okta screenshot

The value in the "Identity Provider Single Sign-On URL" should look something like this:

https://dev-xxxxxxx.okta.com/app/dev-xxxxxx1_testapp_1/exk3--------------/sso/saml

Using this URL will result in the DTD error as shown in the question.

To build the correct URL:

  1. Remove the URL section between "app" and "exk...". I think this is the appId, but not sure.
  2. Add "/metadata" to the end

So, based on the above example, the final URL will be:

https://dev-xxxxxxx.okta.com/app/exk3--------------/sso/saml/metadata

As a quick test, you should be able to hit this URL in a browser.

FWIW, this aligns with mybrave's answer, but with a bit more detail on how to get the correct metadata URL.

Phil Sandler answered Nov 11 '25 06:11
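
A pre-flight check for the URL mix-up both answers describe, as an added example (not code from the question, the answers, or the Okta article): it parses a response body with DTD processing still prohibited and reports whether the root element is SAML metadata. The class and method names and both sample bodies are constructed for illustration, and the HTML body with a DOCTYPE is an assumption about what the sign-on URL returns.

```csharp
using System;
using System.IO;
using System.Xml;

// Hypothetical helper, not part of any SAML library.
static class MetadataPreflight
{
    const string MdNs = "urn:oasis:names:tc:SAML:2.0:metadata";

    // True when the body parses as XML whose root is SAML metadata; otherwise 'reason' says why not.
    public static bool LooksLikeMetadata(string body, out string reason)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // keep the safe setting; do not switch to Parse
            XmlResolver = null                      // never fetch external resources while parsing
        };
        try
        {
            using var reader = XmlReader.Create(new StringReader(body), settings);
            reader.MoveToContent(); // throws XmlException if a DOCTYPE is encountered
            bool isMetadata = reader.NodeType == XmlNodeType.Element
                && reader.NamespaceURI == MdNs
                && (reader.LocalName == "EntityDescriptor" || reader.LocalName == "EntitiesDescriptor");
            reason = isMetadata ? "" : $"Root element is <{reader.Name}>, not SAML metadata.";
            return isMetadata;
        }
        catch (XmlException ex)
        {
            reason = "Not SAML metadata (sign-on URL used instead of the metadata URL?): " + ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample bodies, not real Okta responses.
        string html = "<!DOCTYPE html><html><head><title>Sign In</title></head><body></body></html>";
        string metadata =
            "<md:EntityDescriptor xmlns:md=\"" + MdNs + "\" entityID=\"http://www.okta.com/exkEXAMPLE\">" +
            "<md:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>" +
            "</md:EntityDescriptor>";

        foreach (var body in new[] { html, metadata })
            Console.WriteLine(LooksLikeMetadata(body, out var why) ? "OK: SAML metadata" : why);
    }
}
```

Running the same check on the body fetched from the configured `Saml2:IdPMetadata` URL separates a wrong URL from a genuine metadata problem without enabling DTD processing.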


