Shibboleth SP3 Problem: xmltooling::IOException setHeader (Header) failed: -2147024809

Cantor, Scott cantor.2 at
Wed Jan 27 23:47:29 UTC 2021

Oh, there is one other way which I totally forgot existed, but this sort of thing is why it was added.

You can set an encoding="URL" property inside the RequestMap to cause it to URL-encode the data when it's placed into the headers. That is of course everything, not just one attribute or one value situation, so the app has to turn around and decode the data.

So it's probably overkill, but it does exist.

-- Scott

On 1/27/21, 5:31 PM, "Cantor, Scott" <cantor.2 at> wrote:

    On 1/27/21, 3:46 PM, "users on behalf of Stephen Holland-Chang" <users-bounces at on behalf of stephen at> wrote:

    >    Does that ring any bells?

    Are you asking if that would be likely to break? Yes. There is zero chance of that working. A header can't cross lines, and IIS is just flagging an obvious problem.

    > IDP is sending the linebreaks, can shibboleth be set to ignore those or filter them before hitting IIS?

    I'm not sure anybody would expect an IdP to supply an address and I wouldn't bother to even map it, but it should be possible with the AttributeFilter layer to regex match on the offending character and use that to trigger dropping it on the floor.

    -- Scott

More information about the users mailing list