IBM Verify


ISV - SAML error due to RFC-2045

  • 1.  ISV - SAML error due to RFC-2045

    Posted Wed January 08, 2025 02:02 PM

    Hello Team,

    I am currently working on an IBM Security Verify tenant to configure a SAML federation.
    The Service Provider in this setup is the ThingWorx application.

    The issue arises after a successful authentication on ISV. While ThingWorx receives the SAMLResponse, it fails to process it correctly. According to ThingWorx support, the problem is that the SAMLResponse is encoded in Base64 according to RFC-2045, whereas ThingWorx only supports Base64 encoding as per RFC-4648.
    The primary difference is that RFC-4648 encodes data in a single continuous line, while RFC-2045 introduces line breaks every 76 characters.

    Is there a way to adjust the Base64 encoding in ISV from RFC-2045 to RFC-4648?

    Thank you for your assistance!

    Best regards,

    Alessandro Ciambricco



    ------------------------------
    Alessandro Ciambricco
    ------------------------------


  • 2.  RE: ISV - SAML error due to RFC-2045

    Posted Thu January 09, 2025 12:56 AM

    Hello Alessandro,

    ISV base64-encodes the SAML message according to RFC-2045. The SAML2 spec, http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf, mentions RFC 2045:

    "The compressed data is subsequently base64-encoded according to the rules specified in IETF
    RFC 2045 [RFC2045]. Linefeeds or other whitespace MUST be removed from the result."

    Hence ISV complies with the SAML2 spec. If the application does not support RFC-2045 base64 encoding, you might need to check with the application whether it could support it for SAML2 spec compliance.

    Best Regards

    Chen Yongming



    ------------------------------
    Yongming Chen
    ------------------------------
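
Added example, not part of the original posts and not IBM or ThingWorx code: a Python check for a captured SAMLResponse value that reports whether it carries the 76-character line breaks described in this thread, whether a strict RFC 4648 decoder accepts it as-is, and whether it decodes once whitespace is removed. The sample XML and all function names are constructed for illustration.

```python
import base64

MIME_LINE_LEN = 76  # maximum encoded line length in RFC 2045

# Constructed placeholder, not a real assertion from ISV or ThingWorx.
SAMPLE_XML = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'ID="_constructed-example" Version="2.0"/>')


def mime_encode(raw: bytes) -> str:
    """Base64 with CRLF after every 76 characters (RFC 2045 style)."""
    one_line = base64.b64encode(raw).decode("ascii")
    return "\r\n".join(one_line[i:i + MIME_LINE_LEN]
                       for i in range(0, len(one_line), MIME_LINE_LEN))


def try_strict(value: str):
    """Decode like a strict RFC 4648 consumer: non-alphabet characters are errors."""
    try:
        return base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def inspect_saml_response(value: str) -> dict:
    """Report whether a captured SAMLResponse value is line-wrapped and decodable."""
    stripped = "".join(value.split())  # drop CR, LF, spaces, tabs
    return {
        "has_whitespace": stripped != value,
        "line_lengths": [len(line) for line in value.splitlines()],
        "strict_ok": try_strict(value) is not None,
        "xml": try_strict(stripped),  # None if still invalid after stripping
    }


if __name__ == "__main__":
    samples = (("wrapped", mime_encode(SAMPLE_XML)),
               ("single line", base64.b64encode(SAMPLE_XML).decode("ascii")))
    for label, value in samples:
        report = inspect_saml_response(value)
        print(label, report["line_lengths"], "strict decode ok:", report["strict_ok"])
```

Pass the form field value after URL-decoding it, for example as copied from a browser's network trace of the POST to the Service Provider.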