OpenSAML user discussion

[Brent Putman <>]

On 10/3/10 9:41 PM, rangeli nepal wrote:
> 
> 
> Some time I see Bad Base64 input character at 11:
> 37(decimal)on cosole. I think this error is coming from Base64 class
> from encode method.
> 


It's coming from our org.opensaml.xml.util.Base64 class, the method
public static byte[] decode(byte[] source, int off, int len).

It literally means that the 11th character of the Base64 encoded data
that's trying to decode is not a valid Base64 character, which are: A-Z,
a-z, 0-9 , + and /.   The invalid character's ASCII value is decimal 37,
which looks to be the % sign.  So probably something in the signed data
has not been URL-decoded properly before being passed to the rule.
Perhaps the % sign is part of an invalid attempt to URL-encode
something, and then doesn't get correctly decoded as it should be,
leaving the literal % sign in place in the data.



I could not understand the significance/impact of it. Does it mean
> signature is invalid?
> 


I doubt it, it means that the data isn't being transported properly to
your system in the right format, or else there's a decoding bug
somewhere in our rule.  But the latter is unlikely, since this code has
been heavily used in Shibboleth for a couple of years now, we probably
would have heard about it.