The reference to entity "action" must end with the '; ' delimiter.

Glenn Wearen glenn.wearen at
Thu Feb 7 06:35:19 EST 2013

The character before the 'action' was indeed an ampersand, and this is rejected by the IdP. When I urlencode it manually (using the Feide SAML debugger) the IdP parses it.

Edugate Operations
HEAnet Limited, Ireland's Education and Research Network - 
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301  tel: +353-1-6609040  fax: +353-1-6603666

On 7 Feb 2013, at 10:31, Ian Young wrote:

> On 7 Feb 2013, at 09:54, Glenn Wearen <glenn.wearen at> wrote:
>> Slight correction, it is the ampersand that I have urlencoded, not the question mark.
> The example you posted doesn't contain an ampersand.  If the character before the "action" was an ampersand, that would be invalid XML, which is what the IdP is reporting.
> As to whether the "right" answer is for the SP to URL encode such an ampersand as %25 within the XML, in the hope that it won't be decoded prior to being used in a URL, I'm not sure.  I have seen that done, but if you don't have control over what the SP is generating then that may be moot.
> There was a change in behaviour in this area in the IdP at some point in the 2.X series.  I want to say something like 2.2.0, but I can't see the specific issue in the release notes; it may have been a side-effect of fixing something else and perhaps someone else can remember the details.  We've also had related issues in the discovery service code.  I do remember that we were fairly confident that the IdP was doing the right thing now, though.
> 	-- Ian
> --
> To unsubscribe from this list send an email to users-unsubscribe at

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2330 bytes
Desc: not available
Url : 

More information about the users mailing list