UTF8 in asserted attribute values
morgan at orst.edu
Tue Apr 1 18:51:30 EDT 2014
I am running IDP v2.3.8 with a relying party setup for Google SAML SSO.
It has been working fine for a long time, but recently a user complained
that he could not login to Google. The error message returned by Google's
ACS page is:
Google Apps - This account cannot be accessed because the login
credentials could not be verified.
I noticed that this user has a name with a UTF8 character (middle name
Ünsal). If I set that name on my test user, I get the same error message.
I am releasing "cn" to Google as part of a release-to-anyone filter
policy. The SAML response contains it like this:
<saml2:Attribute FriendlyName="cn" Name="urn:oid:184.108.40.206"
Has anyone come across this before? Is there any trick to releasing UTF-8
encoded attributes? Is this Google's problem?
More information about the users