Invalid XML Exception

John Dennis jdennis at
Mon Apr 11 16:10:59 EDT 2016

On 04/11/2016 03:51 PM, Brent Putman wrote:
> I did look to see whether the SAML 2 Bindings spec says anything about
> padding required or not.  It doesn't directly, just invoked RFC 2045.
> The language there doesn't have a MUST, but it seems pretty clear on my
> read that it's required.

FWIW RFC 3548 supersedes RFC 2045. RFC 3548 clarifies many aspects and 
it mandates the use of padding.

My reading of RFC 2045 says the padding is mandatory. It omits the word 
MUST but it's pretty clear to me the padding was meant to be mandatory.

> In my experience, some Base64 encoding libraries in some languages
> deliberately do not add any padding, leaving it up to the caller to do
> so.  So that might be the case for whatever is generating this SAML
> binding request.

My understanding is that cooperating parties may by mutual agreement 
omit the padding, this is sometimes done with short messages for 
performance reasons. However, this is only permitted if the 
specification referencing RFC 3548 for base64 encoding  explicitly 
permits padding omission. RFC 3548 says:

     Implementations MUST include appropriate pad characters at
     the end of encoded data unless the specification referring to
     this document explicitly states otherwise.


More information about the users mailing list