shibboleth-dev - Re: [Shib-Dev] Shibboleth 2.0 IdP xml digital signature

Subject: Shibboleth Developers

  • From: "Adam Lantos" <>
  • To:
  • Subject: Re: [Shib-Dev] Shibboleth 2.0 IdP xml digital signature
  • Date: Thu, 30 Oct 2008 12:37:48 +0100

Chad,

SAML POST Profile specifies UTF-8 encoded XMLs to be encoded with
base64. This base64 encoding causes the problem, as it does not treat
the response xml as UTF-8.

I probably found the root of this problem inside opensaml2.

http://svn.middleware.georgetown.edu/view/java-opensaml2/tags/2.2.1/src/main/java/org/opensaml/saml2/binding/encoding/HTTPPostEncoder.java?revision=1365&view=markup

Here, at method populateVelocityContext,

// Serialize the outbound SAML message DOM to a Java String.
String messageXML = XMLHelper.nodeToString(
        messageContext.getOutboundSAMLMessage().getDOM());
// getBytes() with no argument encodes using the platform default charset,
// not UTF-8, before the bytes are base64-encoded.
String encodedMessage = Base64.encodeBytes(
        messageXML.getBytes(), Base64.DONT_BREAK_LINES);

I think that messageXML.getBytes() should be messageXML.getBytes("utf-8").

You are right that sysadmins should set the correct locale, but since
the SAML2 POST Profile _strictly requires_ the use of UTF-8, it would be
a better idea to enforce this inside the Java code and not via platform
or container locales.


thanks,
Adam



On Thu, Oct 30, 2008 at 11:35 AM, Chad La Joie <> wrote:
> No, it's independent of any operation that you'd perform. The
> transcoding error is occurring just as the container is writing the
> information out to the socket. SAML specifies that the XML that is
> being sent to-and-fro is UTF-8 encoded so the connector needs to be
> configured to support/use UTF-8.
>
> Kristof BAJNOK wrote:
>> On Thursday 30 October 2008 Chad La Joie wrote:
>>> But yes, if you tell your container to use something other than UTF-8
>>> and then try to send UTF-8 content it's going to mess things up.
>>
>> I'm far from being a Java expert, but does it mean that you are unable to
>> perform a single base64 encoding independently of the system locale?
>> I thought the container was only dealing with ASCII data (from LDAP and to
>> the browser); I must be wrong then.
>>
>> At least this is worth a line in the wiki, I'd think.
>>
>> Kristof
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> ,
> http://www.switch.ch
>
>
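An added example (not code from this thread or from OpenSAML) showing the effect Adam describes: the same XML base64-encoded from platform-default bytes versus explicit UTF-8 bytes, and what a conforming SP sees after decoding. The sample XML fragment is constructed, and a JVM whose default charset is ISO-8859-1 is simulated by passing that charset in place of Charset.defaultCharset().

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class PostEncodingCharsetDemo {

    // Constructed sample: a fragment of the kind of content an IdP places in a
    // SAML Response, with a non-ASCII attribute value (not a real message).
    static final String MESSAGE_XML =
        "<saml:Attribute Name=\"displayName\">"
        + "<saml:AttributeValue>Zürich</saml:AttributeValue></saml:Attribute>";

    // Mirrors the pattern in HTTPPostEncoder: getBytes() with no charset uses the
    // platform default. 'platformDefault' stands in for Charset.defaultCharset()
    // so the behaviour can be shown without reconfiguring the JVM.
    static String encodeLikeIdp(String xml, Charset platformDefault) {
        return Base64.getEncoder().encodeToString(xml.getBytes(platformDefault));
    }

    // The fix proposed above: always produce UTF-8 bytes, as the POST binding requires.
    static String encodeUtf8(String xml) {
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    // What a conforming SP does: base64-decode, then interpret the bytes as UTF-8.
    static String decodeAtSp(String encoded) {
        return new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
    }

    // True only if the SP receives exactly the UTF-8 bytes the IdP serialized (and signed).
    static boolean bytesMatchSignedForm(String encoded) {
        return Arrays.equals(Base64.getDecoder().decode(encoded),
                             MESSAGE_XML.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String fromLatin1Jvm = encodeLikeIdp(MESSAGE_XML, StandardCharsets.ISO_8859_1);
        String fromUtf8 = encodeUtf8(MESSAGE_XML);
        // On an ISO-8859-1 JVM the 0xFC byte for 'ü' is not valid UTF-8, so the SP
        // sees a replacement character and the XML no longer matches what was signed.
        System.out.println("ISO-8859-1 default : " + decodeAtSp(fromLatin1Jvm)
            + "  matches signed bytes: " + bytesMatchSignedForm(fromLatin1Jvm));
        System.out.println("explicit UTF-8     : " + decodeAtSp(fromUtf8)
            + "  matches signed bytes: " + bytesMatchSignedForm(fromUtf8));
    }
}
```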



Archive powered by MHonArc 2.6.16.
