mace-opensaml-users - Re: [OpenSAML] Bad Base64 input character at
Subject: OpenSAML user discussion
List archive
- From: rangeli nepal <>
- To:
- Subject: Re: [OpenSAML] Bad Base64 input character at
- Date: Tue, 5 Oct 2010 15:45:20 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=Ae+Ek2hxCQX9D6Yigu3kyDrS6zRIAKQlknbF/tmd9nzsyjU9m/Oh1Uh1Gxl7/Uq6rx pS4EI6DpYLl7nP+vn7+JVNJXumvkEc7HD7zF/IhDMPOfTYM8c8/m0ZOf8J9G8ZY4fSsO TLXxyS4INFHgr0KZFPX6BbA0Az4FhtcFTIurQ=
I am using HTTP-redirect binding and able to construct AuthnRequest
from wire. is it advisable to check for Base64 encoding(After URL
decode) of Signature and SigAlg before really doing Signature
verification?
On Mon, Oct 4, 2010 at 8:05 PM, Brent Putman
<>
wrote:
>
>
> On 10/3/10 9:41 PM, rangeli nepal wrote:
>>
>>
>> Some time I see Bad Base64 input character at 11:
>> 37(decimal)on cosole. I think this error is coming from Base64 class
>> from encode method.
>>
>
>
> It's coming from our org.opensaml.xml.util.Base64 class, the method
> public static byte[] decode(byte[] source, int off, int len).
>
> It literally means that the 11th character of the Base64 encoded data
> that's trying to decode is not a valid Base64 character, which are: A-Z,
> a-z, 0-9 , + and /. The invalid character's ASCII value is decimal 37,
> which looks to be the % sign. So probably something in the signed data
> has not been URL-decoded properly before being passed to the rule.
> Perhaps the % sign is part of an invalid attempt to URL-encode
> something, and then doesn't get correctly decoded as it should be,
> leaving the literal % sign in place in the data.
>
>
>
> I could not understand the significance/impact of it. Does it mean
>> signature is invalid?
>>
>
>
> I doubt it, it means that the data isn't being transported properly to
> your system in the right format, or else there's a decoding bug
> somewhere in our rule. But the latter is unlikely, since this code has
> been heavily used in Shibboleth for a couple of years now, we probably
> would have heard about it.
>
- [OpenSAML] Bad Base64 input character at, rangeli nepal, 10/03/2010
- Re: [OpenSAML] Bad Base64 input character at, Brent Putman, 10/04/2010
- Re: [OpenSAML] Bad Base64 input character at, rangeli nepal, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, Brent Putman, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, rangeli nepal, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, Brent Putman, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, rangeli nepal, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, Brent Putman, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, rangeli nepal, 10/05/2010
- Re: [OpenSAML] Bad Base64 input character at, Brent Putman, 10/04/2010
Archive powered by MHonArc 2.6.16.