Due to the use of XMLSec 2.1.x now, unless -Dorg.apache.xml.security.ignoreLineBreaks=true is set the generated SAML2 Assertions may have '#&13;' . which prior to the use of this there is no issues (say for previous AM).
To maintain interop and better out of the box experience, it is best that this is set if the
property is not explicitly enabled
Many other system it seems already implement this System,setProperty("org.apache.xml.security.ignoreLineBreaks", true) just before Xmlsec Init() is called. Eg: Wss4j and Picketlink for example.
If any third party SP, that cannot handle exists, nearly always we need to have this switch set.