[keycloak-user] SAML Token contains carriage returns (&#xD)

Hynek Mlnarik hmlnarik at redhat.com
Wed Oct 3 03:45:47 EDT 2018 

Keycloak usually does not add any carriage return entities. What version of
keycloak do you use? Have you changed/endorsed any XML processing library?

On Mon, Sep 17, 2018 at 6:31 PM Dean Peterson <peterson.dean at gmail.com>
wrote:

> Is there a way to remove the carriage returns keycloak uses in the saml
> assertion token? This is incompatible with Websphere idAssertion using
> keycloak as the Identity provider. Ex, notice the &#xD characters in the
> content:
>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="ID_a42073de-3815-4951-8db4-5d07d46dbf75"
> IssueInstant="2018-09-17T05:35:29.198Z" Version="2.0"><saml:Issuer>
> http://localhost:8080/auth/realms/unemployment-insurance
> </saml:Issuer><dsig:Signature
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#
> "><dsig:SignedInfo><dsig:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "></dsig:CanonicalizationMethod><dsig:SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> "></dsig:SignatureMethod><dsig:Reference
>
> URI="#ID_a42073de-3815-4951-8db4-5d07d46dbf75"><dsig:Transforms><dsig:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature
> "></dsig:Transform><dsig:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "></dsig:Transform></dsig:Transforms><dsig:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256
>
> "></dsig:DigestMethod><dsig:DigestValue>8aoA9CDfFV8PXBnuafSS3JU/MXuGX3to93E+go9DJrk=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>UpQPIpNTXMuds8BP5a/N08sXeVMV9Bo6/gxb+rZo38tJwu9GGdrX2SeUlQUWVKRcH0qQRlWzVLfO&#xD;
>
> nvb9gbIs/qGrIRQf2nvb40ywN0V8QqCaQr8VU++2rOJGSUfByGjazopvp2WrOM0JdlD6WjeqCs27&#xD;
>
> L+fpbVKC8GGZQB+KblqQ08xJ17yN0VDxwDAk+QDwkGpioe9p6/nSZZYCIimPF8BR0TxgwCm9KZl7&#xD;
>
> ASNv+d7m6Zaarj/CnqjLG0zDWPfAdW6R5sWuRmUzHiDG3AwpOaxxLP2d5HGPCRCfmiCHMVN3EVx4&#xD;
>
> FoQg/ej8QQ1Z0fCOg/N9qRJnFxYbnjMdc1w4rw==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyName>Ayvm2xqFD1Xb_CeLG0LbFdh2PuBAflqKnI7kCiTwqjw</dsig:KeyName><dsig:X509Data><dsig:X509Certificate>MIICuzCCAaMCBgFlsHW+ezANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZVbmVtcGxveW1lbnQg&#xD;
>
> SW5zdXJhbmNlMB4XDTE4MDkwNjE5NTUzMVoXDTI4MDkwNjE5NTcxMVowITEfMB0GA1UEAwwWVW5l&#xD;.....
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list