Use xmllint to validate SAML 2.0 metadata (or similarly, any other SAML document) using an XML Catalog file

Makefile

all: saml-2.0-os xsd/xenc-schema.xsd xsd/xmldsig-core-schema.xsd xcatalog/saml-metadata.xml

saml-2.0-os:
	mkdir -p saml-2.0-os
	wget http://docs.oasis-open.org/security/saml/v2.0/saml-2.0-os.zip
	unzip -d saml-2.0-os saml-2.0-os.zip *.xsd

xcatalog/saml-metadata.xml:
	mkdir -p xcatalog
	xmlcatalog --noout --create xcatalog/saml-metadata.xml
	xmlcatalog --noout --add uri http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd ../xsd/xmldsig-core-schema.xsd xcatalog/saml-metadata.xml
	xmlcatalog --noout --add uri http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd ../xsd/xenc-schema.xsd xcatalog/saml-metadata.xml
	xmlcatalog --noout --add uri http://www.w3.org/2001/xml.xsd /opt/local/share/xml/xmltooling/xml.xsd xcatalog/saml-metadata.xml

xsd/xenc-schema.xsd:
	mkdir -p xsd
	wget -Oxsd/xenc-schema.xsd http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd

xsd/xmldsig-core-schema.xsd:
	mkdir -p xsd
	wget -Oxsd/xmldsig-core-schema.xsd http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd

clean:
	rm xcatalog/saml-metadata.xml

validate-metadata.sh

#!/bin/sh
# validate SAML metadata according to XML schema
# eg
# curl -4s https://wayf.surfnet.nl/federate/metadata/saml20 | ./validate-metadata.sh -

#OPTIONS=--load-trace
OPTIONS=--noout
XML_CATALOG_FILES="./xcatalog/saml-metadata.xml" xmllint --schema saml-2.0-os/saml-schema-metadata-2.0.xsd $OPTIONS $1