The reference to entity "action" must end with the '; ' delimiter.

Ian Young ian at iay.org.uk
Thu Feb 7 04:53:18 EST 2013 

On 7 Feb 2013, at 09:36, Glenn Wearen <glenn.wearen at heanet.ie> wrote:

> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_6cdf9e84d3c0ee85e94a" Version="2.0" IssueInstant="2013-02-06T16:26:34Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://trial.sugarcrm.com/rvufhi7392/index.php?module=Users?action=Authenticate"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">php-saml</saml:Issuer>
> <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"></samlp:NameIDPolicy>
> <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact"><saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>
> </samlp:AuthnRequest>

That's valid XML as written, are you sure it is exactly what is being sent?

What does it look like when it is sent to the IdP, exactly?

> url encoding the question mark ? preceding the 'action' part of their ACS URL results in a successful decode, but I can't  control what ACS SugarCRM send in the AuthnRequest.

There are a couple of peculiarities that might crop up in that area.  One is that I note that the URL embedded in the example you give has two '?'s in it, in fact, and no '&'.  However, the error shown is:

> Caused by: org.xml.sax.SAXParseException: The reference to entity "action" must end with the ';' delimiter.

This sounds more like XML containing … index.php?module=Users&action=Authenticate …

… and that would NOT be valid XML, where '&'s need to be encoded as '&amp;' in all contexts (even inside attribute values).

	-- Ian



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
Url : http://shibboleth.net/pipermail/users/attachments/20130207/e21b5eea/attachment-0001.bin

More information about the users mailing list