idpv3 vs. spring security saml and encodeType="false"

Jarno Huuskonen jarno.huuskonen at
Wed May 20 05:41:05 EDT 2015


We had a small interoperability (idpv3) problem with a few SPs that use
spring security saml.

When we had encodeType="false" in attribute-resolver (idpv3), then
logins to these spring security saml SPs failed: idp showed successful
login and attributes released (confirmed with firefox+saml tracer) but
SP didn't allow user to continue.

After comparing results sent from idp-2.4.4 vs. idp-3.1.1 I found that
basically the only difference was that idp-3.1.1 didn't send xsi:type="xsd:string"
with attributes.

-> After changing idp-3.1.1 attribute-resolver to use encodeType="true"
those spring security saml SPs accepted logins from idp-3.1.1.

Is anybody else able to confirm/deny if encodeType="false" can cause
interoperability problems with spring security saml?
(I've no access to the spring security logs so I don't know what the
actual problem was/is).


Jarno Huuskonen
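
Added example, not part of the original post: a small Python check that compares two SAML AttributeStatement documents (for instance, copied from SAML tracer for the old and new IdP) and reports attributes whose xsi:type declaration on AttributeValue differs. The sample statements, the mail attribute and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"


def sample_statement(typed):
    """Constructed AttributeStatement; typed=True mimics encodeType="true"."""
    xsi = ' xsi:type="xsd:string"' if typed else ""
    return (
        f'<saml2:AttributeStatement xmlns:saml2="{SAML2_NS}" '
        'xmlns:xsd="http://www.w3.org/2001/XMLSchema" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" '
        'FriendlyName="mail">'
        f"<saml2:AttributeValue{xsi}>user@example.org</saml2:AttributeValue>"
        "</saml2:Attribute></saml2:AttributeStatement>"
    )


def value_types(xml_text):
    """Map attribute Name -> list of xsi:type values (None when absent)."""
    # Only parse XML you captured yourself here; for untrusted input use a
    # hardened parser such as defusedxml instead of the stdlib parser.
    root = ET.fromstring(xml_text)
    result = {}
    for attr in root.iter(f"{{{SAML2_NS}}}Attribute"):
        values = attr.findall("saml2:AttributeValue", NS)
        result[attr.get("Name")] = [v.get(XSI_TYPE) for v in values]
    return result


def typing_changes(before_xml, after_xml):
    """Attributes whose xsi:type declarations differ between two statements."""
    before, after = value_types(before_xml), value_types(after_xml)
    return {
        name: (before.get(name), after.get(name))
        for name in sorted(set(before) | set(after))
        if before.get(name) != after.get(name)
    }


if __name__ == "__main__":
    changes = typing_changes(sample_statement(True), sample_statement(False))
    for name, (old, new) in changes.items():
        print(f"{name}: xsi:type {old} -> {new}")
```
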
