Re: Re: attribute-map of attributes with umlaute (ä,ö,ü) does not work in IIS (SP)
pesche.egli at bluewin.ch
pesche.egli at bluewin.ch
Tue Feb 6 01:44:36 EST 2018
>> I'm configuring shibboleth-sp-2.6.1.3-win64 on a IIS, accepting
>> SAML-Assertions with attribute values containing "Umlaute" (ä,ö,ü)
>> When the saml2:AttributeValue contains an umlaut (ä,ö,ü), i don't manage
>> it to get it out from the request-header within the .NET webapp
>What does that mean, specifically? That the encoding is wrong within
>your application? Is the whole stack UTF8-clean (assuming the data is
>even UTF-8 on the wire)?
Further investigations show the following behavior:
Even a "plain template application" without any changes/enhancements (ASP.NET Core Web Application, following the wizard, "new project", compiled and deployed in IIS) from MS Visual Studio (V15.5.6) secured by shibboleth sp-2.6.1.3 shows the following behavior (deployed on an IIS 8 @WIN Sever 2012 R2):
A) HTTP client sends request to the application URL, which is redirected to the IDP (Authn Request)
B) IDP issues a SAML Assertion with an attribute containing umlaute (ä,ö,ü) --> this attribute is mapped in attribute-map.xml
C) after this, https://<servername>/Shibboleth.sso/SAML2/POST is called, which redirects to the application url --> ***HTTP 400 is returned***
- When the mapped attribute doesn't contain an umlaut (ä,ö,ü) it works --> HTTP 200 is returned and the browser shows the application page
- When the mapped attribute is removed from the mapping in the attribute-map.xml --> HTTP 200 is returned and the browser shows the application page
Remark: When i look at the https://<servername>/Shibboleth.sso/Session after the HTTP 400, the mentioned attribute is shown, with the correct value, incl. umlaute (ä,ö,ü)
BTW: the data is UFT-8 on the wire, encoding of the IIS is set to UTF-8 (.NET Globalization: Encoding Requests, Response Headers, Responses are set to UTF-8)
Any ideas why attributes with umlaute leads to a HTTP 400 ?
Thanks for any hints and answers.
/Peter
----Ursprüngliche Nachricht----
Von : peter.schober at univie.ac.at
Datum : 02/02/2018 - 14:50 (WEST)
An : users at shibboleth.net
Betreff : Re: attribute-map of attributes with umlaute (ä,ö,ü) does not work in IIS (SP)
* pesche.egli at bluewin.ch <pesche.egli at bluewin.ch> [2018-02-02 12:55]:
> I'm configuring shibboleth-sp-2.6.1.3-win64 on a IIS, accepting
> SAML-Assertions with attribute values containing "Umlaute" (ä,ö,ü)
> When the saml2:AttributeValue contains an umlaut (ä,ö,ü), i don't manage
> it to get it out from the request-header within the .NET webapp
What does that mean, specifically? That the encoding is wrong within
your application? Is the whole stack UTF8-clean (assuming the data is
even UTF-8 on the wire)?
> As far as i understood, no special AttributeDecoder is required in
> the attribute-map.xml file.
Umlauts or not, I never had to do anything in the SP -- other than
make sure the encoding of the web server was correct (so not in the
SP).
With Tomcat/Java servlet's that's a known issue due to the servlet
spec insisting on isolatin, IIRC. Check the archives for details if
you need to proxy to Java.
-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list