You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In mTLS client authenticator, base64 decoding process of the client certificate fails due to presence of new lines. We are currently utilizing base64 class in the java.util package and it is not capable of processing new lines.
Error Message
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat"><ns1:faultstring xmlns:ns1="http://cxf.apache.org/bindings/xformat">java.lang.IllegalArgumentException: Illegal base64 character 7b</ns1:faultstring></ns1:XMLFault>
Suggested Fix
Add the logic to remove new lines from the client certificate before the decoding functionality [1].
Description
In mTLS client authenticator, base64 decoding process of the client certificate fails due to presence of new lines. We are currently utilizing base64 class in the java.util package and it is not capable of processing new lines.
Error Message
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat"><ns1:faultstring xmlns:ns1="http://cxf.apache.org/bindings/xformat">java.lang.IllegalArgumentException: Illegal base64 character 7b</ns1:faultstring></ns1:XMLFault>
Suggested Fix
Add the logic to remove new lines from the client certificate before the decoding functionality [1].
[1] - https://github.com/wso2-extensions/identity-oauth-addons/blob/4d30af9cdf22aee6c5182372ace5da5a21b88fca/component/org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls/src/main/java/org/wso2/carbon/identity/oauth2/token/handler/clientauth/mutualtls/MutualTLSClientAuthenticator.java#L280
The text was updated successfully, but these errors were encountered: