Invalid XML Exception

Paul Hethmon paul.hethmon at clareitysecurity.com
Fri Apr 8 10:30:06 EDT 2016 

On a v2 server, I’m seeing an exception on an inbound AuthnRequest:

07:15:19.315 - ERROR [org.opensaml.ws.message.decoder.BaseMessageDecoder:208] - Encountered error parsing message into its DOM representation
org.opensaml.xml.parse.XMLParserException: Invalid XML
…
        at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
Caused by: org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) ~[na:na]
…
        ... 50 common frames omitted
07:15:19.316 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:400] - Error decoding authentication request message
org.opensaml.ws.message.decoder.MessageDecodingException: Encountered error parsing message into its DOM representation
…
        at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
Caused by: org.opensaml.xml.parse.XMLParserException: Invalid XML
        at org.opensaml.xml.parse.StaticBasicParserPool.parse(StaticBasicParserPool.java:235) ~[xmltooling-1.4.0.jar:na]
        at org.opensaml.ws.message.decoder.BaseMessageDecoder.unmarshallMessage(BaseMessageDecoder.java:186) ~[openws-1.5.0.jar:na]
        ... 49 common frames omitted
Caused by: org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) ~[na:na]

Here’s the XML as captured by SAML Tracer:

<samlp:AuthnRequest ID="_8E6DD7CA-C2DC-481F-A7F6-F5A0078BD8EB"
                    Version="2.0"
                    IssueInstant="2016-04-08T08:15:24Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Destination="https://idp.nnrmls.safemls.net/idp/profile/SAML2/POST/SSO"
                    ForceAuthn="false"
                    IsPassive="false"
                    AssertionConsumerServiceIndex="0"
                    AssertionConsumerServiceURL="http://www.mlsENsight.com/geojet6/emmain.asp?mapName=32"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    >
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.mlsENsight.com/geojet6/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" />
</samlp:AuthnRequest>

It validates using Oxygen XML Editor and SAML Tracer likes it as well. I don’t see anything wrong with it, but yet it fails.

Any ideas?

thanks,

Paul

-----
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com

More information about the users mailing list