Invalid XML Exception
Brent Putman
putmanb at georgetown.edu
Mon Apr 11 15:51:16 EDT 2016
On 4/11/16 1:05 PM, Paul Hethmon wrote:
> The bug is on the generating side, it’s not putting the proper padding on the encoded string.
Yep. Not a multiple of 4 bytes.
>
> I think I can make a case that the XML Tooling code should throw an error here or take the Apache approach and assume the padding.
That's how we *would* fix it if it weren't EOL.
> Given this is with a v2 system, there is no fix to be made there,
Right, EOL, so no fix. So you'll need to get the generating side to fix.
I did look to see whether the SAML 2 Bindings spec says anything about
padding required or not. It doesn't directly, just invoked RFC 2045.
The language there doesn't have a MUST, but it seems pretty clear on my
read that it's required.
In my experience, some Base64 encoding libraries in some languages
deliberately do not add any padding, leaving it up to the caller to do
so. So that might be the case for whatever is generating this SAML
binding request.
> not sure if v3 is essentially the same code.
It's not. V2 had a Base64 class copied in from some other open source
project. So it doesn't handle this case. V3 java-support's
Base64Support is just a light wrapper around the Apache commons-codec.
As Paul pointed out in the Jira, it already handles this case, so v3
does too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160411/40d523b5/attachment.html>
More information about the users
mailing list