OpenSAML 3.4.1 saml2p:Response SignatureValue contains necoded CR
Nate Klingenstein
ndk at signet.id
Fri Aug 13 17:45:40 UTC 2021
Ivaylo,
The dev at shibboleth.net list is typically the appropriate one for OpenSAML questions. This was more clear on the Shibboleth website before it was redesigned.
https://shibboleth.net/mailman/listinfo/dev
I have an informed hunch, but I seriously defer to the cryptographers on this one to avoid wasting your time.
Take care,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: Ivaylo Milev
Sent: Friday, August 13 2021, 9:30 am
To: users at shibboleth.net
Subject: OpenSAML 3.4.1 saml2p:Response SignatureValue contains necoded CR
Hi guys,
Apologies if this is not the right list, but I am trying to get OpenSAML to generate a saml2p:Response without any line breaks (or whitespace for that matter), and could not find the OpenSAML specific list (got 404).
I have tried providing the -Dorg.apache.xml.security.ignoreLineBreaks=true option to the JVM, but the output generated by OpenSAML 3.4.1 still includes the in the SignatureValue.
I know xml dig signature processors *should* be able to deal with /n and /r/n cases, but I suspect a .NET client using Sustainsys2 doesn't.
Anyhow, I would appreciate any guidance on how to produce a Response that has no characters (or CRLFs) in the SignatureValue, or one that has been cannonicalized to exclude any superflous whitespace altogether.
Thanks,
Ivaylo
PS I have been led to use org.apache.xml.security.ignoreLineBreaks=true by the below:
https://shibboleth.atlassian.net/browse/OSJ-267?focusedCommentId=29666&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&= <https://shibboleth.atlassian.net/browse/OSJ-267?focusedCommentId=29666&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&=>
https://shibboleth.atlassian.net/browse/XSTJ-69 <https://shibboleth.atlassian.net/browse/XSTJ-69>
--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list