Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Saml-Metadata with special characters is corrupted #13776

Closed
JannickWeisshaupt opened this issue Sep 6, 2023 · 0 comments
Closed

Saml-Metadata with special characters is corrupted #13776

JannickWeisshaupt opened this issue Sep 6, 2023 · 0 comments
Assignees
@marcusdacoregio
Labels
in: saml2 An issue in SAML2 modules type: bug A general bug
Milestone
5.8.8

Comments

@JannickWeisshaupt
Copy link

JannickWeisshaupt commented Sep 6, 2023
edited

Describe the bug
Saml metadata is corrupted once it contains special characters.

To Reproduce

  1. Configure the metadata to contain special characters, e.g. via OpenSamlMetadataResolver.EntityDescriptorParameters.
  2. Generate the metadata via /saml2/service-provider-metadata/{descriptor}
  3. The metadata is corrupted and invalid xml

Expected behavior
The metadata is not corrupted, valid xml and obeys the Saml Standard

Cause
In Saml2MetadataFilter Line 111
response.setContentLength(metadata.getMetadata().length());
is generally wrong as the length in bytes is required which differs from Java String length, e.g. "ä".length() = 1 but should be 2
@JannickWeisshaupt JannickWeisshaupt added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Sep 6, 2023
@JannickWeisshaupt JannickWeisshaupt mentioned this issue Sep 6, 2023
Merged
@marcusdacoregio marcusdacoregio self-assigned this Sep 13, 2023
@marcusdacoregio marcusdacoregio added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 13, 2023
JannickWeisshaupt pushed a commit to JannickWeisshaupt/spring-security that referenced this issue Sep 20, 2023
Fix corrupted saml2 metadata when special characters are present
778e187 
Closes spring-projectsgh-13776
@marcusdacoregio marcusdacoregio added this to the 5.8.8 milestone Sep 25, 2023
marcusdacoregio added a commit that referenced this issue Sep 25, 2023
@marcusdacoregio
Fix formatting
664ee9a 
Issue gh-13776
@marcusdacoregio marcusdacoregio mentioned this issue Sep 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: saml2 An issue in SAML2 modules type: bug A general bug
Projects
None yet
Milestone
5.8.8
Development

No branches or pull requests
2 participants
@marcusdacoregio @JannickWeisshaupt