From 0b0171ddf7cb3dd0b411ea771c599a6348163e32 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Mon, 12 May 2025 10:21:07 +0200 Subject: [PATCH] Fix encoding issues of Shibboleth attributes There is some encoding error with the injection of Shibboleth attributes somewhere between the Apache SAML plugin -> AJP -> Tomcat. Tomcat treats the data as ISO-8859-1 while it actually is UTF-8. --- .../ShibbolethAuthenticationDetailsSource.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/se/su/dsv/oauth2/shibboleth/ShibbolethAuthenticationDetailsSource.java b/src/main/java/se/su/dsv/oauth2/shibboleth/ShibbolethAuthenticationDetailsSource.java index 6e85311..ecae400 100644 --- a/src/main/java/se/su/dsv/oauth2/shibboleth/ShibbolethAuthenticationDetailsSource.java +++ b/src/main/java/se/su/dsv/oauth2/shibboleth/ShibbolethAuthenticationDetailsSource.java @@ -4,6 +4,7 @@ import jakarta.servlet.http.HttpServletRequest; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.core.GrantedAuthority; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collection; @@ -28,7 +29,13 @@ public class ShibbolethAuthenticationDetailsSource implements } private static String getString(final HttpServletRequest context, final String mail) { - return context.getAttribute(mail) instanceof String s ? s : null; + if (context.getAttribute(mail) instanceof String s) { + // Somewhere in the Shibboleth pipeline, the encoding of the string mixed up. + byte[] bytes = s.getBytes(StandardCharsets.ISO_8859_1); + return new String(bytes, StandardCharsets.UTF_8); + } else { + return null; + } } private static Collection getGrantedAuthorities(final HttpServletRequest context) { -- 2.39.5