UTF8 in asserted attribute values

Peter Schober peter.schober at univie.ac.at
Wed Apr 2 14:49:27 EDT 2014


* Andrew Morgan <morgan at orst.edu> [2014-04-02 19:54]:
> > There are maybe some LDAP related settings involved, you'd have to search
> > the list, but your best bet is to trace the XML in transit through the
> > client, pull it and make sure it looks kosher (run it through xmllint,
> > etc.) and then you can be sure if it's Google's bug.
> 
> I grabbed it with SAML Tracer.  Then I followed the steps here:
> 
>    https://wiki.surfnet.nl/display/OpenConext/Validating+SAML2+metadata
> 
> to set up xmllint.  I also added the saml-schema-protocol-2.0.xsd to the 
> catalog.  Here is what I get:
> 
>    $ xmllint --noout --schema saml-schema-protocol-2.0.xsd saml-google.xml
>    saml-google.xml validates

How will looking at (and validating with xmllint) Google's SAML2.0
metadata show names/umlauts from your subjects?

So check the SAML attribute statement (which you caught with
SAMLtracer, and went on to validate something completely different),
not metadata.
-peter
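
An added illustration of the check suggested above (not part of the original message): decode the SAMLResponse captured with SAML Tracer, list the values in its attribute statement, and flag non-ASCII values that look like UTF-8 misread as Latin-1. The sample response, the attribute names and the function names are constructed for this example, and it assumes the assertion is not encrypted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: "sn" carries a correct u-umlaut (U+00FC); "givenName"
# carries the same letter after a UTF-8 -> Latin-1 mix-up (U+00C3 U+00BC).
SAMPLE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="sn">'
    '<saml:AttributeValue>M\u00fcller</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="givenName">'
    '<saml:AttributeValue>J\u00c3\u00bcrgen</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8"))

def attribute_values(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse.
    Inspection aid for your own captured traffic: no signature checks."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        out.setdefault(attr.get("Name"), []).extend(vals)
    return out

def looks_double_encoded(value):
    """True if value round-trips Latin-1 -> UTF-8 into a different string,
    i.e. it is UTF-8 that was decoded as Latin-1 somewhere upstream."""
    try:
        return value.encode("latin-1").decode("utf-8") != value
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False

def report(saml_response_b64):
    """Return [(name, value, verdict)] for every non-ASCII attribute value."""
    rows = []
    for name, vals in attribute_values(saml_response_b64).items():
        for v in vals:
            if not v.isascii():
                verdict = "double-encoded?" if looks_double_encoded(v) else "ok"
                rows.append((name, v, verdict))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE_B64):
        print(*row, sep="\t")
```

A value flagged here was already mangled before the response left the identity provider, which points at the attribute source rather than at the service provider.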

