  1. OpenAM
  2. OPENAM-12261

Honor org.apache.xml.security.ignoreLineBreaks=true when generating WS-Fed Assertions

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 6.0.0
    • Fix Version/s: 13.5.3, 6.0.0, 5.5.2
    • Component/s: WS Federation
    • Environment:
      PowerShell scripts when Office 365 is federated with OpenAM 13+

      Description

      Due to an issue with how PowerShell interacts with OpenAM as a WS-Fed IDP and Office 365, we see XML signature validation issues.

      The issue is that PowerShell replaces LF with CR+LF before passing the Assertion generated by OpenAM on to Office 365, which breaks the XML signature.

      The XML processing libraries we use in OpenAM support a JVM -D flag, org.apache.xml.security.ignoreLineBreaks, which, when set to true, will not include any LFs in the generated XML signature.

      This is only a partial solution, as the Assertion returned by WS-Fed is generated by hand in the AssertionBase class and includes LFs.

      One possible solution would be to support the org.apache.xml.security.ignoreLineBreaks JVM flag and remove any LFs if it is set to true. This removal process must happen before the block of XML is signed.
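
The proposed fix as an added sketch, not OpenAM's own code: LFs are stripped before the bytes are signed, so a later LF to CR+LF rewrite has nothing to change. `buildAssertion`, `prepareForSigning` and the sample XML are hypothetical, and a SHA-256 over the raw bytes stands in for the signature digest (no canonicalization or real XML signing is modelled).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class LineBreakSigningDemo {
    // System property named in this issue.
    static final String FLAG = "org.apache.xml.security.ignoreLineBreaks";

    // Hypothetical stand-in for a hand-assembled assertion (constructed sample,
    // not OpenAM output). LFs appear only between elements, as formatting.
    static String buildAssertion() {
        return "<saml:Assertion AssertionID=\"example-id\">\n"
             + "<saml:Conditions NotBefore=\"2000-01-01T00:00:00Z\"/>\n"
             + "<saml:AttributeStatement>\n"
             + "</saml:AttributeStatement>\n"
             + "</saml:Assertion>\n";
    }

    // Hypothetical helper: drop LFs when the flag is set. Must run BEFORE signing,
    // otherwise the signed bytes and the transmitted bytes would differ.
    static String prepareForSigning(String xml) {
        return Boolean.getBoolean(FLAG) ? xml.replace("\n", "") : xml;
    }

    // Simplification: SHA-256 over the raw UTF-8 bytes stands in for the signature digest.
    static byte[] digest(String xml) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(xml.getBytes(StandardCharsets.UTF_8));
    }

    // Models the client behaviour described in the issue: LF rewritten to CR+LF in transit.
    static String lfToCrLf(String xml) {
        return xml.replace("\r\n", "\n").replace("\n", "\r\n");
    }

    // True when the digest computed at signing time still matches after the rewrite.
    static boolean survivesRewrite(boolean ignoreLineBreaks) throws Exception {
        System.setProperty(FLAG, Boolean.toString(ignoreLineBreaks));
        String signedForm = prepareForSigning(buildAssertion());
        byte[] atSigning = digest(signedForm);
        byte[] atRelyingParty = digest(lfToCrLf(signedForm));
        return MessageDigest.isEqual(atSigning, atRelyingParty);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("flag=false, digest survives CR+LF rewrite: " + survivesRewrite(false));
        System.out.println("flag=true,  digest survives CR+LF rewrite: " + survivesRewrite(true));
    }
}
```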

            People

            • Assignee:
              markdr Mark de Reeper
              Reporter:
              markdr Mark de Reeper