Configuring a binary attribute (such as a Windows SID or objectGUID) as a claim in WSO2 Identity Server and sending it in an XML token such as a SAML response requires additional configuration.
Problem Identification
[2016-03-17 16:48:48,203] @nextlabs.com [1] [IS]ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
org.wso2.carbon.identity.base.IdentityException: Error Serializing the SAML Response
at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:162)
at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.marshall(SAMLSSOUtil.java:352)
at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:161)
at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:691)
.....
.....
.....
Caused by: org.w3c.dom.ls.LSException: The character '☼' is an invalid XML character
at org.apache.xml.serialize.DOMSerializerImpl.write(Unknown Source)
at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.marshall(SAMLSSOUtil.java:348)
... 55 more
Caused by: java.io.IOException: The character '☼' is an invalid XML character
at org.apache.xml.serialize.BaseMarkupSerializer.fatalError(Unknown Source)
at org.apache.xml.serialize.BaseMarkupSerializer.surrogates(Unknown Source)
Solution
Add the following parameter in <carbon_home>/repository/conf/usermgt.xml for each binary attribute that you wish to convert to XML.
<Property name="java.naming.ldap.attributes.binary">objectGUID</Property>
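
The serializer error above is a character-range problem: XML 1.0 only permits a fixed set of code points. The following Python check is an added example, not code from the original post or from WSO2. It tests a claim value against that range using a constructed 16-byte objectGUID. The function names, the sample bytes and the UTF-8-with-replacement decoding (a stand-in for handling the attribute as text) are assumptions.

```python
import base64
import uuid

# Constructed sample: 16 raw bytes standing in for an Active Directory objectGUID.
SAMPLE_OBJECT_GUID = bytes.fromhex("0f1a2b3c4d5e6f708192a3b4c5d6e7f8")


def is_xml_char(cp):
    """True if the code point is in the XML 1.0 'Char' production."""
    return (cp in (0x9, 0xA, 0xD)
            or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)


def invalid_xml_chars(value):
    """Return (offset, 'U+XXXX') for every character an XML serializer must reject."""
    return [(i, "U+%04X" % ord(ch))
            for i, ch in enumerate(value) if not is_xml_char(ord(ch))]


def as_text(raw):
    """Assumed model of the unconfigured case: binary bytes decoded as if they were text."""
    return raw.decode("utf-8", errors="replace")


def as_base64(raw):
    """Binary value carried as base64, which uses only XML-safe ASCII."""
    return base64.b64encode(raw).decode("ascii")


def as_guid(raw):
    """Binary value rendered as a GUID string (first three fields are little-endian)."""
    return str(uuid.UUID(bytes_le=raw))


if __name__ == "__main__":
    for label, render in (("text", as_text), ("base64", as_base64), ("guid", as_guid)):
        value = render(SAMPLE_OBJECT_GUID)
        bad = invalid_xml_chars(value)
        print("%-7s %-40r %s" % (label, value, "INVALID " + str(bad) if bad else "ok"))
```

Running the same check over attribute values pulled from the user store shows which attributes need to be declared binary before they are mapped to claims.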