OpenSAML 3.4.1 saml2p:Response SignatureValue contains necoded CR

Ivaylo Milev i.milev at gmail.com
Fri Aug 13 21:13:23 UTC 2021 

Thanks, Nate!

On Fri, Aug 13, 2021, 8:45 PM Nate Klingenstein <ndk at signet.id> wrote:

> Ivaylo,
>
> The dev at shibboleth.net list is typically the appropriate one for OpenSAML
> questions.  This was more clear on the Shibboleth website before it was
> redesigned.
>
> https://shibboleth.net/mailman/listinfo/dev
>
> I have an informed hunch, but I seriously defer to the cryptographers on
> this one to avoid wasting your time.
>
> Take care,
> Nate.
>
> --------
> Signet, Inc.
> The Art of Access ®
>
> https://www.signet.id
>
> -----Original message-----
> From: Ivaylo Milev
> Sent: Friday, August 13 2021, 9:30 am
> To: users at shibboleth.net
> Subject: OpenSAML 3.4.1 saml2p:Response SignatureValue contains necoded CR
>
> Hi guys,
>
> Apologies if this is not the right list, but I am trying to get OpenSAML
> to generate a saml2p:Response without any line breaks (or whitespace for
> that matter), and could not find the OpenSAML specific list (got 404).
>
> I have tried providing the -Dorg.apache.xml.security.ignoreLineBreaks=true
> option to the JVM, but the output generated by OpenSAML 3.4.1 still
> includes the  in the SignatureValue.
>
> I know xml dig signature processors *should* be able to deal with /n and
> /r/n cases, but I suspect a .NET client using Sustainsys2 doesn't.
>
> Anyhow, I would appreciate any guidance on how to produce a Response that
> has no  characters (or CRLFs) in the SignatureValue, or one that has been
> cannonicalized to exclude any superflous whitespace altogether.
>
> Thanks,
>
> Ivaylo
>
> PS  I have been led to use org.apache.xml.security.ignoreLineBreaks=true
> by the below:
>
>
> https://shibboleth.atlassian.net/browse/OSJ-267?focusedCommentId=29666&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&=
> <
> https://shibboleth.atlassian.net/browse/OSJ-267?focusedCommentId=29666&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel&=
> >
>         https://shibboleth.atlassian.net/browse/XSTJ-69 <
> https://shibboleth.atlassian.net/browse/XSTJ-69>
>
> --
>
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210814/0532027b/attachment.htm>

More information about the users mailing list