idpv3 vs. spring security saml and encodeType="false"
jarno.huuskonen at uef.fi
Wed May 20 05:41:05 EDT 2015
We had a small interoperability(idpv3) problem with few SPs that use
spring security saml.
When we had encodeType="false" in attribute-resolver (idpv3), then
logins to these spring security saml SPs failed: idp showed successful
login and attributes released (confirmed with firefox+saml tracer) but
SP didn't allow user to continue.
After comparing results sent from idp-2.4.4 vs. idp-3.1.1 I found that
basically only difference was that idp-3.1.1 didn't send xsi:type="xsd:string"
-> After changing idp-3.1.1 attribute-resolver to use encodeType="true"
those spring security saml SPs accepted logins from idp-3.1.1.
Is anybody else able to confirm/deny if encodeType="false" can cause
interoperability problems with spring security saml ?
(I've no access to the spring security logs so I don't know what the
actual problem was/is).
More information about the users