Merge pull request #340 from mauromol/trim-subject-name-id

Trim values obtained with getTextContent() on any XML node

Author: pitbulk

README.md

@@ -362,6 +362,15 @@ onelogin.saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha2
 # Reject Signatures with deprecated algorithms (sha1)
 onelogin.saml2.security.reject_deprecated_alg = true
 
+# Enable trimming of parsed Name IDs and attribute values
+# SAML specification states that no trimming for string elements should be performed, so no trimming will be
+# performed by default on extracted Name IDs and attribute values. However, some SAML implementations may add
+# undesirable surrounding whitespace when outputting XML (possibly due to formatting/pretty-printing).
+# These two options allow to optionally enable value trimming on extracted Name IDs (including issuers) and 
+# attribute values.
+onelogin.saml2.parsing.trim_name_ids = false
+onelogin.saml2.parsing.trim_attribute_values = false
+
 # Organization
 onelogin.saml2.organization.name = SP Java 
 onelogin.saml2.organization.displayname = SP Java Example

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -14,6 +14,8 @@
 import javax.xml.xpath.XPathExpressionException;
 
 import com.onelogin.saml2.model.hsm.HSM;
+
+import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.joda.time.Instant;
 import org.slf4j.Logger;
@@ -469,7 +471,10 @@ public Map<String,String> getNameIdData() throws Exception {
 
 			if (nameIdElem != null) {
 				String value = nameIdElem.getTextContent();
-				if (settings.isStrict() && value.isEmpty()) {
+				if(value != null && settings.isTrimNameIds()) {
+					value = value.trim();
+				}
+				if (settings.isStrict() && StringUtils.isEmpty(value)) {
 					throw new ValidationError("An empty NameID value found", ValidationError.EMPTY_NAMEID);
 				}
 
@@ -596,7 +601,11 @@ public HashMap<String, List<String>> getAttributes() throws XPathExpressionExcep
 				}
 				for (int j = 0; j < childrens.getLength(); j++) {
 					if ("AttributeValue".equals(childrens.item(j).getLocalName())) {
-						attrValues.add(childrens.item(j).getTextContent());
+						String attrValue = childrens.item(j).getTextContent();
+						if(attrValue != null && settings.isTrimAttributeValues()) {
+							attrValue = attrValue.trim();
+						}
+						attrValues.add(attrValue);
 					}
 				}
 
@@ -699,8 +708,11 @@ public List<String> getAudiences() throws XPathExpressionException {
 		for (int i = 0; i < entries.getLength(); i++) {
 			if (entries.item(i) != null) {
 				String value = entries.item(i).getTextContent();
-				if (value != null && !value.trim().isEmpty()) {
-					audiences.add(value.trim());
+				if(value != null) {
+					value = value.trim();
+				}
+				if(!StringUtils.isEmpty(value)) {
+					audiences.add(value);
 				}
 			}
 		}
@@ -722,7 +734,11 @@ public String getResponseIssuer() throws XPathExpressionException, ValidationErr
 		NodeList responseIssuer = Util.query(samlResponseDocument, "/samlp:Response/saml:Issuer");
 		if (responseIssuer.getLength() > 0) {
 			if (responseIssuer.getLength() == 1) {
-				return responseIssuer.item(0).getTextContent();
+				String value = responseIssuer.item(0).getTextContent();
+				if(value != null && settings.isTrimNameIds()) {
+					value = value.trim();
+				}
+				return value;
 			} else {
 				throw new ValidationError("Issuer of the Response is multiple.", ValidationError.ISSUER_MULTIPLE_IN_RESPONSE);
 			}
@@ -745,7 +761,11 @@ public String getResponseIssuer() throws XPathExpressionException, ValidationErr
 	public String getAssertionIssuer() throws XPathExpressionException, ValidationError {
 		NodeList assertionIssuer = this.queryAssertion("/saml:Issuer");
 		if (assertionIssuer.getLength() == 1) {
-			return assertionIssuer.item(0).getTextContent();
+			String value = assertionIssuer.item(0).getTextContent();
+			if(value != null && settings.isTrimNameIds()) {
+				value = value.trim();
+			}
+			return value;
 		} else {
 			throw new ValidationError("Issuer of the Assertion not found or multiple.", ValidationError.ISSUER_NOT_FOUND_IN_ASSERTION);
 		}