This space contains the old OpenAthens SP documentation and is no longer maintained.
OpenAthens SP software is already out of support and reached end of life in May 2020.

Check out OpenAthens Keystone instead. It's supercool and makes dealing with SAML much easier.


Skip to end of metadata
Go to start of metadata

Their is currently an issue with OASP processing the Metadata for the Czech academic identity federation ( The issue relates to parsing the serial number for a X509 cert which is stored in a numeric field rather than a text one within the Czech metadata, as the value is so large i.e. much greater than an integer it causes problems with the libXML library/parser.

The suggested workaround for this is to store a local copy of the Czech metadata and make the following alterations to it:

remove valid until attribute from the <EntitiesDescriptor element tag i.e.: validUntil="2012-05-04T23:55:01Z"

Remove all data between and including the two element tags shown below.
<Signature xmlns="">

Also remove the problematic serial number element itself.
<ds:X509IssuerName>CN=TERENA SSL CA,O=TERENA,C=NL</ds:X509IssuerName>

The recommended approach would be to automate this process in some way to make sure the metadata is up to date.

We will making some schema changes in the next release of OASP to avoid the need for this workaround.

  • No labels