SAML-Toolkits / python3-saml

MIT License

Invalid certificate error with x509 cert has CRLF endings #303

Closed rnavaneeth closed 1 year ago

rnavaneeth commented 2 years ago

Hello there, I came across a situation where the x509 certificate shared has the following format:

```
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
```

When I investigated further, I realised that the s are unicode for \r\n. Is there a setting that will parse this certificate? Any help or direction here will help.

harshnamdev98 commented 2 years ago

Hi, I encountered the same issue, "Signature validation failed. SAML Response rejected", when the x509 certificate is in a format similar to the above. In our case the IDP is "Broadcom Siteminder CA Single Sign-On". Let me know if there is any workaround. TIA

pearsekennedyonelogin commented 2 years ago

That looks like an issue on the Broadcom SiteMinder side. If it's the same as their internal defect DE374779, then it was fixed in r12.8.01. See https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-01.html

If your IDP is on SiteMinder r12.8 base, then you will probably need to apply the latest CR.

rnavaneeth commented 2 years ago

Thanks a ton @pearsekennedyonelogin. From their release notes, it looks like that could be the issue on our side. Let me try the upgrade and get back if it works.
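
A diagnostic for the condition discussed in this thread, as an added example that is not part of the original posts and is not python3-saml code: it reports whether the text of a certificate carries carriage returns and returns the normalised base64 body. The helper names and the sample certificate body are constructed, and the `&#13;` / `&#xD;` forms are an assumption about how an escaped CR may appear in XML.

```python
import base64
import re
import textwrap

# Assumption: a CR may arrive raw or as an XML character reference (&#13; / &#xD;).
CR_ENTITY = re.compile(r"&#0*13;|&#x0*[dD];")
PEM_MARKER = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")


def inspect_cert_text(text):
    """Hypothetical helper: return (clean_base64_or_None, findings)."""
    findings = []
    if "\r" in text:
        findings.append("raw carriage return")
    if CR_ENTITY.search(text):
        findings.append("escaped carriage return")
    # Drop PEM markers, escaped CRs and all whitespace, leaving bare base64.
    body = PEM_MARKER.sub("", text)
    body = CR_ENTITY.sub("", body)
    body = re.sub(r"\s+", "", body)
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        findings.append("not valid base64 after normalisation")
        return None, findings
    # A DER-encoded certificate starts with a SEQUENCE tag (0x30).
    if not der.startswith(b"\x30"):
        findings.append("decoded bytes are not a DER SEQUENCE")
        return None, findings
    return body, findings


def make_sample(line_ending):
    """Constructed stand-in for a certificate body: SEQUENCE header plus zero bytes."""
    fake_der = b"\x30\x82\x01\x00" + bytes(256)
    b64 = base64.b64encode(fake_der).decode("ascii")
    return line_ending.join(textwrap.wrap(b64, 76))


if __name__ == "__main__":
    for label, ending in (("LF", "\n"), ("CRLF", "\r\n"), ("entity", "&#13;\n")):
        clean, findings = inspect_cert_text(make_sample(ending))
        print(label, "ok" if clean else "rejected", findings)
```

This only flags and normalises the certificate text on the receiving side; the fix pointed to in the thread is on the IdP.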