Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

ValidateSignature is failing when incorrect encoding is used in saml artifact flow #1078

Closed robinvanleemput closed 4 years ago

robinvanleemput commented 5 years ago

Description

In Saml2ArtifactBinding, when resolving the artifact, the standard .net WebClient sends the artifact and retrieves the SAMLP ticket from the external IDP. The SAMLP ticket is converted from a byte array to string automatically by the .net WebClient library in Saml2SoapBinding.

The .net client should use a configurable encoding to do the conversion or at least a hardcoded UTF-8 encoding and not the encoding returned by System.Text.Encoding.Default property.

As the default encoding setting is machine dependent, it could lead to incorrect conversion for characters (like é, à, ê...) if the SP is using Windows-1252 and the external IDP is using UTF-8.

On .NET 4.7, System.Text.Encoding.Default returns the system's active code page.

On .NET Core, System.Text.Encoding.Default returns UTF-8.

https://docs.microsoft.com/en-us/dotnet/api/system.text.encoding.default?view=netframework-4.7.1#System_Text_Encoding_Default

Additional info

AndersAbel commented 4 years ago

I'm adding a fix for this, but haven't been able to test it with a real Idp. If the problem persists after the 2.5 release, please comment and I'll re-open.
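
The failure mode reported in this issue can be reproduced offline. The following is an added example, not code from Sustainsys.Saml2 or from either commenter: it decodes the same UTF-8 response bytes once with a single-byte encoding and once with UTF-8, then compares the digests. Assumptions: the XML fragment is constructed, ISO-8859-1 stands in for a non-UTF-8 `Encoding.Default` (it maps the bytes used here exactly as Windows-1252 does and is available on every .NET runtime), and a SHA-256 over the UTF-8 octets stands in for the digest step of signature validation.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ArtifactEncodingDemo
{
    // Constructed sample (not a real IdP response): signed content with
    // non-ASCII characters, written with escapes so the source file's own
    // encoding cannot affect the result.
    const string SignedXml =
        "<saml2:AttributeValue>H\u00e9l\u00e8ne</saml2:AttributeValue>";

    // Stand-in for the digest step of signature validation: the hash is
    // taken over the UTF-8 octets of the XML text.
    static string Digest(string xml)
    {
        using (var sha = SHA256.Create())
        {
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(xml)));
        }
    }

    static void Main()
    {
        byte[] wire = Encoding.UTF8.GetBytes(SignedXml); // bytes sent by the IdP
        string signedDigest = Digest(SignedXml);         // digest the IdP signed

        // Assumption: ISO-8859-1 plays the role of a machine-dependent,
        // single-byte Encoding.Default on the SP.
        Encoding machineDefault = Encoding.GetEncoding("iso-8859-1");
        string misdecoded = machineDefault.GetString(wire);

        // Decoding the raw bytes explicitly as UTF-8 is machine independent.
        string decoded = Encoding.UTF8.GetString(wire);

        Console.WriteLine("signed digest      : " + signedDigest);
        Console.WriteLine("decoded as default : " + Digest(misdecoded)
            + " match=" + (Digest(misdecoded) == signedDigest));
        Console.WriteLine("decoded as UTF-8   : " + Digest(decoded)
            + " match=" + (Digest(decoded) == signedDigest));
        // Each two-byte UTF-8 character became two characters, so the
        // mis-decoded text is longer than what the IdP signed.
        Console.WriteLine("chars signed=" + SignedXml.Length
            + ", chars after default decoding=" + misdecoded.Length);
    }
}
```

Any response consisting only of ASCII characters decodes identically under both encodings, which is why the mismatch only appears once an attribute value contains an accented character.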