UTF8 in asserted attribute values

Peter Schober peter.schober at univie.ac.at
Wed Apr 2 14:49:27 EDT 2014

* Andrew Morgan <morgan at orst.edu> [2014-04-02 19:54]:
> > There are maybe some LDAP related settings involved, you'd have to search
> > the list, but your best bet is to trace the XML in transit through the
> > client, pull it and make sure it looks kosher (run it through xmllint,
> > etc.) and then you can be sure if it's Google's bug.
> I grabbed it with SAML Tracer.  Then I followed the steps here:
>    https://wiki.surfnet.nl/display/OpenConext/Validating+SAML2+metadata
> to set up xmllint.  I also added the saml-schema-protocol-2.0.xsd to the
> catalog.  Here is what I get:
>    $ xmllint --noout --schema saml-schema-protocol-2.0.xsd saml-google.xml
>    saml-google.xml validates

How will looking at (and validating with xmllint) Google's SAML2.0
metadata show names/umlauts from your subjects?

So check the SAML attribute statement (which you caught with
SAMLtracer, and went on to validate something completely different),
not metadata.
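
One way to inspect the attribute statement of a captured response, as an added example that is not part of the original thread: it lists every non-ASCII `AttributeValue` and flags values that look like UTF-8 bytes misread as cp1252. The sample response and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (trimmed, unsigned), not a real capture.
# givenName holds a correct u-umlaut; sn holds the same letter double-encoded.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName">
        <saml:AttributeValue>J\u00fcrgen</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="sn">
        <saml:AttributeValue>M\u00c3\u00bcller</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
""".encode("utf-8")


def looks_double_encoded(value):
    """True if value reads as UTF-8 bytes that were decoded as cp1252."""
    if value.isascii():
        return False
    try:
        repaired = value.encode("cp1252").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False  # cannot be round-tripped, so not this kind of damage
    return repaired != value


def attribute_report(xml_bytes):
    """Return (attribute name, value, suspicious) for each non-ASCII value."""
    root = ET.fromstring(xml_bytes)  # bytes in, so the XML declaration is honoured
    report = []
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        for val in attr.iterfind("saml:AttributeValue", SAML_NS):
            text = val.text or ""
            if not text.isascii():
                report.append((attr.get("Name"), text, looks_double_encoded(text)))
    return report


if __name__ == "__main__":
    for name, value, suspicious in attribute_report(SAMPLE_RESPONSE):
        print(f"{name}: {value!r} double-encoded={suspicious}")
```
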
