Segmentation Fault on 'lasso_saml20_provider_load_metadata' with mod_auth_mellon

Question

I'm try to use mod_auth_mellon to authenticate with SAML2. I've configure properties, but when i access the application page i receive a segmentation fault error.

Analyzing this issue i see on GDB this error:

Program received signal SIGSEGV, Segmentation fault.
0x00007fea68664357 in lasso_saml20_provider_load_metadata () from target:/lib64/liblasso.so.3

idp-metadata.xml:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://my-entity-id-url">
 <IDPSSODescriptor>
   <KeyDescriptor use="signing">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
         <ds:X509Certificate>MIIDxzCCAq+gAwIBAgIJAKQsXQb9iHdLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
...
...
...
GNV1V7MfHHsu5cg=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
 <KeyDescriptor use="encryption">
   <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
     <ds:X509Data>
       <ds:X509Certificate>MIIDxzCCAq+gAwIBAgIJAKQsXQb9iHdLMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNV
...
...
...
GNV1V7MfHHsu5cg=</ds:X509Certificate>
     </ds:X509Data>
   </ds:KeyInfo>
 </KeyDescriptor>
 <SingleLogoutService
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://my-slo-url"/>
 <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
 <SingleSignOnService
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://my-sso-url"/>
 <SingleSignOnService
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://my-sso-url"/>
 </IDPSSODescriptor>
</EntityDescriptor>

Thank you!

Answer 1

In the https://jdennis.fedorapeople.org/doc/mellon-user-guide/mellon_user_guide.html have a example of idp metadata named demo_keycloak_ipa_idp_metadata.xml. I adjust the metadata based with my organization properties and it works.