Invalid XML Exception
John Dennis
jdennis at redhat.com
Mon Apr 11 16:10:59 EDT 2016
On 04/11/2016 03:51 PM, Brent Putman wrote:
> I did look to see whether the SAML 2 Bindings spec says anything about
> padding required or not. It doesn't directly, just invoked RFC 2045.
> The language there doesn't have a MUST, but it seems pretty clear on my
> read that it's required.
FWIW RFC 3548 supersedes RFC 2045. RFC 3548 clarifies many aspects and
it mandates the use of padding.
My reading of RFC 2045 says the padding is mandatory. It omits the word
MUST but it's pretty clear to me the padding was meant to be mandatory.
> In my experience, some Base64 encoding libraries in some languages
> deliberately do not add any padding, leaving it up to the caller to do
> so. So that might be the case for whatever is generating this SAML
> binding request.
My understanding is that cooperating parties may by mutual agreement
omit the padding, this is sometimes done with short messages for
performance reasons. However, this is only permitted if the
specification referencing RFC 3548 for base64 encoding explicitly
permits padding omission. RFC 3548 says:
Implementations MUST include appropriate pad characters at
the end of encoded data unless the specification referring to
this document explicitly states otherwise.
--
John
More information about the users
mailing list