Shibboleth SP3 Problem: xmltooling::IOException setHeader (Header) failed: -2147024809
Cantor, Scott
cantor.2 at osu.edu
Wed Jan 27 23:47:29 UTC 2021
Oh, there is one other way which I totally forgot existed, but this sort of thing is why it was added.
You can set an encoding="URL" property inside the RequestMap to cause it to URL-encode the data when it's placed into the headers. That is of course everything, not just one attribute or one value situation, so the app has to turn around and decode the data.
So it's probably overkill, but it does exist.
https://wiki.shibboleth.net/confluence/display/SP3/RequestMap
-- Scott
On 1/27/21, 5:31 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
On 1/27/21, 3:46 PM, "users on behalf of Stephen Holland-Chang" <users-bounces at shibboleth.net on behalf of stephen at attendeenet.com> wrote:
> Does that ring any bells?
Are you asking if that would be likely to break? Yes. There is zero chance of that working. A header can't cross lines, and IIS is just flagging an obvious problem.
> IDP is sending the linebreaks, can shibboleth be set to ignore those or filter them before hitting IIS?
I'm not sure anybody would expect an IdP to supply an address and I wouldn't bother to even map it, but it should be possible with the AttributeFilter layer to regex match on the offending character and use that to trigger dropping it on the floor.
https://wiki.shibboleth.net/confluence/display/SP3/XMLAttributeFilter
-- Scott
More information about the users
mailing list