idp3.2.1 shibboleth.authn.Password.Trim ?

Jarno Huuskonen jarno.huuskonen at
Wed Apr 27 07:08:57 EDT 2016


I've shibboleth.authn.Password.Trim enabled in authn/password-authn-config.xml
<util:constant id="shibboleth.authn.Password.Trim" static-field="java.lang.Boolean.TRUE"/>

But it looks like that whitespace(spaces) is not removed from
INFO [org.ldaptive.auth.PooledSearchDnResolver:268] ... failed using filter=[org.ldaptive.SearchFilter at -273505566::filter=sAMAccountName={user}, parameters={user=myusername }]
INFO [org.ldaptive.auth.PooledSearchDnResolver:268] ... failed using filter=[org.ldaptive.SearchFilter at -1023475808::filter=sAMAccountName={user}, parameters={user=  mysusername  }]

(this also happens with 3.1.2). Is shibboleth.authn.Password.Trim
supposed to remove leading/trailing spaces from username ?

I can remove whitespace with shibboleth.authn.Password.Transforms regexp:
<bean parent="shibboleth.Pair" p:first="^[ \t\r\n]*([a-z0-9-\.]+)[ \t\r\n]*$" p:second="$1" />
(BTW is \w+ or \W+ supposed to work in this regexp ? (Didn't get it to

(ldap is using:
idp.authn.LDAP.authenticator     = bindSearchAuthenticator
idp.authn.LDAP.userFilter    = sAMAccountName={user})


Jarno Huuskonen

More information about the users mailing list