Invalid XML Exception

[Paul Hethmon]

Ok, this keeps getting weirder. I’m getting different behavior based on how I manipulate the inbound request. So, as last week, if I POST the AuthnRequest to the IdP with what appears to be valid XML, I end up with the “Invalid XML Exception” pointing to a root cause of "Caused by: org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.”

However, I had the SP developer wire up a page pointing to one of my test servers. So all we did was change IdP. Software versions are the same (near as I can tell). That AuthnRequest works and I get prompted to login.

So, I manipulated the form to IdP2 in Firefox and set the Form POST destination to the original IdP server, the one throwing the XML exception. So the AuthnRequest for IdP2 is being sent to IdP1. Except now it parses the XML and instead throws the security exception for the destination not matching (which is correct).

Finally, I just reversed my direction. I took the AuthnRequest for IdP1 and changed the POST destination in the HTML form to be IdP2. That throws the “Invalid XML Exception”. I think at least that is some consistency. The SP web page that sends a request to IdP1 fails with the same exception no matter which actual IdP I send the content to.

Any thoughts on determining the real error are appreciated.

thanks,

Paul

-----
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com