ReceiveSsoAsync() throws exception when Content-Type request header contains directives

Hello,

I am currently working with a new IDP, who is running into some issues when POSTing to our ACS endpoint. After doing some digging, I’ve found the issue as it relates to the Content-Type request header sent from their server.

The exception I’m seeing in our logs reads:
Exception: ComponentSpace.Saml2.Exceptions.SamlBindingException
Message: A SAML message cannot be received as the HTTP request is unrecognized.

It appears their server sends the following Content-Type request header:
Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1

Upon removing the “charset” directive from the Content-Type, the request is able to make it through successfully. My understanding is Content-Type: application/x-www-form-urlencoded assumes UTF-8, but some legacy IIS servers may still require an associated charset to be provided.

I am reaching out today, in hopes to gain some more information on how ComponentSpace reads in the Content-Type, and whether or not there are any easy workarounds to this issue. Unfortunately, it may be a large task for our IDP partner to remove “charset” from their header.

Any insight on this issue would be greatly appreciated!

Regards
Steve

Hi Steve,

Thank you for the details and your analysis. As you say, we’re looking for a Content-Type of “application/x-www-form-urlencoded”. We should handle a charset being included in this header.

Please contact support@componentspace.com, mentioning your form post, so we can organize a patch for you. We’ll also ensure this is fixed in the next release.

Thanks Steve. We’ve received your email and will send you a patch shortly.