Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14939

Enable "org.apache.xml.security.ignoreLineBreaks=true" by default

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0.6, 6.5.0.1, 6.5.1, 6.5.0.2
    • Fix Version/s: 5.5.2, 6.5.3, 7.0.0
    • Component/s: SAML
    • Sprint:
      AM Sustaining Sprint 63, AM Sustaining Sprint 64
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      Problem
      Due to the use of XMLSec 2.1.x now, unless -Dorg.apache.xml.security.ignoreLineBreaks=true is set the generated SAML2 Assertions may have '#&13;' . which prior to the use of this there is no issues (say for previous AM).
      To maintain interop and better out of the box experience, it is best that this is set if the
      property is not explicitly enabled

      Many other system it seems already implement this System,setProperty("org.apache.xml.security.ignoreLineBreaks", true) just before Xmlsec Init() is called. Eg: Wss4j and Picketlink for example.

       

      Current situation:
      If any third party SP, that cannot handle exists, nearly always we need to have this switch set.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chee-weng.chea C-Weng C
                Reporter:
                chee-weng.chea C-Weng C
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: