Idea ID: 2872678

Make configupdate tolerant of Azure AD IDP metadata for SAML 2.0 federation

Status : New Idea

When in configupdate you select SAML as the authentication method and point it to the metadata URL for Azure AD you get this error:

[Fatal Error] :1:1: Content is not allowed in prolog.

Error saving configuration
Authentication Method: 'Load on save': Unable to load SAML 2.0 metadata from the IDP: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.

If you ignore the error it will still work since OSP is able to load and parse the metadata.

The error message is probably because Microsoft uses a Byte Order Mark (BOM) (<U+FEFF>) before the prolog in the metadata.

It would be great if configupdate could be made tolerant of such metadata formats, i.e. UTF-8 with a BOM.
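
The failure described above and two BOM-tolerant ways of loading the same metadata, as an added example that is not configupdate or OSP code and is not part of the original post. The class name, helper names, sample metadata and entityID are constructed for illustration, and the example assumes the JDK's built-in XML parser.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class BomTolerantMetadata {
    // Hypothetical helper: parser for IDP metadata fetched from a remote URL.
    static DocumentBuilder newBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // SAML metadata needs no DOCTYPE; refusing it rules out XXE via the metadata URL.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }

    // Hypothetical helper: drop one leading U+FEFF from already-decoded text.
    static String stripBom(String xml) {
        return (!xml.isEmpty() && xml.charAt(0) == '\uFEFF') ? xml.substring(1) : xml;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: minimal metadata preceded by a UTF-8 BOM (bytes EF BB BF).
        String body = "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
            + "<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\""
            + " entityID=\"https://idp.example.invalid/\"/>";
        byte[] wire = ("\uFEFF" + body).getBytes(StandardCharsets.UTF_8);
        // Naive path: decode first, so the BOM becomes a character ahead of the prolog.
        String decoded = new String(wire, StandardCharsets.UTF_8);
        try {
            newBuilder().parse(new InputSource(new StringReader(decoded)));
            System.out.println("naive: parsed");
        } catch (org.xml.sax.SAXParseException e) {
            System.out.println("naive: " + e.getMessage());
        }
        // Tolerant path 1: strip the BOM from the decoded text before parsing.
        Document a = newBuilder().parse(new InputSource(new StringReader(stripBom(decoded))));
        System.out.println("stripped: " + a.getDocumentElement().getLocalName());
        // Tolerant path 2: pass raw bytes so the parser does its own BOM detection.
        Document b = newBuilder().parse(new ByteArrayInputStream(wire));
        System.out.println("bytes: " + b.getDocumentElement().getAttribute("entityID"));
    }
}
```

Only a single leading U+FEFF is removed; anything else ahead of the prolog still fails the parse, which is the behaviour you want for metadata that establishes federation trust.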