The root cause is rather simple. As soon as an application does a:
request.getParameter("someparam");
the encoding is fixed and no longer changeable. The problem is exactly this - The PicketLink valve is doing such a call, due to which a deployed application gets its parameters in the wrong encoding.
The normal solution is to call:
request.setCharacterEncoding("UTF-8");
before any access to the parameters. But it's exactly this that PicketLink is not doing.
The class in question is the valve:
org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator
public boolean authenticate(Request request, Response response, LoginConfig loginConfig)
      throws IOException
{
   ...
   String samlRequest = request.getParameter("SAMLRequest");
   String samlResponse = request.getParameter("SAMLResponse");
But also in
private boolean isGlobalLogout(Request request)
private boolean isLocalLogout(Request request)
private boolean handleSAMLRequest(Request request, Response response, LoginConfig loginConfig)
private boolean handleSAMLResponse(Request request, Response response, LoginConfig loginConfig)
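
The behaviour described in this report, shown as an added example that is not part of the original issue or PicketLink's code: a simplified model of a servlet request that parses its form body once, on first parameter access, using the Servlet default of ISO-8859-1 unless an encoding was set beforehand. The class names `LazyParamDemo` and `ModelRequest` and the sample body are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

/** Simplified model of a servlet request: the body is parsed once, on first parameter access. */
public class LazyParamDemo {
    static class ModelRequest {                                  // hypothetical stand-in for the container's request
        private final String rawBody;                            // percent-encoded form body
        private Charset encoding = StandardCharsets.ISO_8859_1;  // Servlet default when none is declared
        private Map<String, String> params;                      // null until the first getParameter()

        ModelRequest(String rawBody) { this.rawBody = rawBody; }

        void setCharacterEncoding(String name) {
            if (params == null) encoding = Charset.forName(name); // no effect once parameters are parsed
        }

        String getParameter(String key) {
            if (params == null) {                                // first access fixes the encoding
                params = new HashMap<>();
                for (String pair : rawBody.split("&")) {
                    String[] kv = pair.split("=", 2);
                    params.put(URLDecoder.decode(kv[0], encoding),
                               kv.length > 1 ? URLDecoder.decode(kv[1], encoding) : "");
                }
            }
            return params.get(key);
        }
    }

    public static void main(String[] args) {
        // Constructed sample body; "name" carries the UTF-8 bytes of "Jürgen".
        String body = "SAMLResponse=abc&name=J%C3%BCrgen";

        ModelRequest early = new ModelRequest(body);
        early.getParameter("SAMLResponse");                      // the valve reads a parameter first
        early.setCharacterEncoding("UTF-8");                     // the application's call comes too late
        System.out.println("valve reads first:  " + early.getParameter("name"));

        ModelRequest fixed = new ModelRequest(body);
        fixed.setCharacterEncoding("UTF-8");                     // encoding set before any access
        fixed.getParameter("SAMLResponse");
        System.out.println("encoding set first: " + fixed.getParameter("name"));
    }
}
```

Requires Java 10 or later for `URLDecoder.decode(String, Charset)`; the first line printed shows the mis-decoded name, the second the intended one.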