[IdP] Single Sign-On - Users with Special Characters

Forge Component
Published on 4 Jul by Telmo Martins
25 votes

Hi,

We've been using the IdP component for a while, but now we have come across a problem: users with special characters in their names are not able to log in.

There are two users in this scenario: Brosbøl and Luján

Inside the IdP module, a log is provided for failed attempts (attached). The weird thing (that we believe is causing the problem) is this specific tag: <AttributeValue>Brosbøl,Kim</AttributeValue>

Inside IdP's code, I've noticed that the variables are using Text attributes, but I believe that somewhere there is a conversion/encoding issue for these special characters.

Any suggestions?

Thanks

Rafael 

Hi Rafael,

I'm assuming that you copy-pasted the XML from the IdP Log detail screen, right?

Along the way some char was not converted correctly and the message signature now does not match.

Can you check the XML message from the browser with Dev tools? It should be something like SAMLResponse=ABC....

Decode the Base64 message with some online tool to get the actual XML message, and check the difference against the one that you are getting inside the IdP application.

Regards. 

In the special char bug, the message content was not delivered to the extension as UTF-8, so the signature check failed because the message content was modified (bug at IdP module > Private/SAML_Decode_OS action, output assign).
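
A local way to run the comparison described above, added here as an example and not code from the IdP component or from the posters: it decodes a SAMLResponse value offline and shows how UTF-8 bytes mis-read as Latin-1 change the bytes a signature digest covers. The sample XML, the function names and the plain SHA-256 over raw bytes (a stand-in for the canonicalized XML signature digest) are assumptions.

```python
import base64
import hashlib
from urllib.parse import unquote

# Constructed sample fragment (not from a real IdP); \u00f8 is the letter o-slash.
SAMPLE_XML = '<AttributeValue>Brosb\u00f8l,Kim</AttributeValue>'
# Constructed form value: Base64 of the UTF-8 bytes, as a browser would POST it.
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode('utf-8')).decode('ascii')


def decode_saml_response(form_value: str) -> bytes:
    """URL-decode, then Base64-decode, a SAMLResponse form value locally."""
    return base64.b64decode(unquote(form_value), validate=True)


def digest(data: bytes) -> str:
    """SHA-256 of the raw bytes (stand-in for the digest a signature covers)."""
    return hashlib.sha256(data).hexdigest()


def mishandle(data: bytes) -> bytes:
    """Simulate the bug class: UTF-8 bytes read as Latin-1, then re-encoded."""
    return data.decode('latin-1').encode('utf-8')


def looks_like_mojibake(text: str) -> bool:
    """True if text is UTF-8 that was mis-decoded as Latin-1 at some point."""
    try:
        repaired = text.encode('latin-1').decode('utf-8')
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False
    return repaired != text


if __name__ == '__main__':
    raw = decode_saml_response(SAMPLE_POST)
    broken = mishandle(raw)
    for label, data in (('as sent', raw), ('mishandled', broken)):
        text = data.decode('utf-8')
        print(f'{label:10} {digest(data)[:16]} mojibake={looks_like_mojibake(text)}')
        print(f'{"":10} {text}')
```

The two digests differ even though the XML structure is identical, which is why a signature computed by the sender over the original bytes no longer verifies after the charset round trip.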

Solution

Hi,

Are you guys using the latest version of the IdP component? (If yes, on Java or .NET?)

I have no issue with those special chars as I get the assertion in the right way:


<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Telmo</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Brosbøl</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement>


Regards.

Hi Guys,


Thank you so much! Telmo was right, we were using an old version. After doing the upgrade, everything is working fine!


Thanks again and have a nice week!
Rafael