Is there a way to prevent Cognito from including Line Feed Characters ("\x0a") in SAML Requests?

We use Amplify with Cognito with logins, and have a federated identity provider that has reported that Cognito sometimes includes line feed characters in generated SAML Requests. This is causing problems for them. They stated it is a security concern; however, given that SAMLRequests from Cognito are unsigned, I imagine that they may be having difficulty parsing the value. I was not initially able to reproduce the issue, but I noticed that Cognito seems to do this if the redirect is longer. (All the examples they sent had a redirect which was over 3000 characters long.) Longer requests seem to be due to a larger-than-normal RelayState being included in the response.

So my question is 2 part:

  1. Is there a way to force Cognito not to include line feed characters in the redirect?
  2. If not, is there a way to reduce the length of the RelayState? (Given that this is a login, and that the RelayState is encrypted, I can't imagine what other data is being stored there.) Can Amplify be used to clear the session? Will calling some sort of logout before logging in help here?
No Answers
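
An added diagnostic example, not part of the original question and not Cognito or Amplify code: it decodes the `SAMLRequest` parameter of an HTTP-Redirect URL, counts any line feeds inside the base64 value, and shows that a strict base64 decoder rejects a wrapped value while a whitespace-tolerant one recovers the same AuthnRequest. The host names, the sample AuthnRequest and the function names are constructed, and `base64.encodebytes` is only a stand-in used to simulate line-wrapped output.

```python
import base64
import binascii
import zlib
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample AuthnRequest; every value in it is a placeholder.
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'ID="_constructed-example-id" Version="2.0" '
          'IssueInstant="2024-01-01T00:00:00Z" '
          'Destination="https://idp.example.test/sso" '
          'AssertionConsumerServiceURL="https://sp.example.test/acs"/>')

def build_redirect(xml, relay_state, wrap):
    """Build a constructed HTTP-Redirect URL; wrap=True simulates line-wrapped base64."""
    deflater = zlib.compressobj(wbits=-15)            # raw DEFLATE, no zlib header
    raw = deflater.compress(xml.encode()) + deflater.flush()
    # encodebytes inserts "\n" every 76 characters; b64encode emits a single line.
    b64 = (base64.encodebytes(raw) if wrap else base64.b64encode(raw)).decode().strip()
    return ("https://idp.example.test/sso?SAMLRequest=" + quote(b64, safe="")
            + "&RelayState=" + quote(relay_state, safe=""))

def inspect_redirect(url):
    """Report URL size, RelayState size and any CR/LF inside the SAMLRequest value."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    b64 = params["SAMLRequest"][0]                    # already percent-decoded
    try:                                              # strict decoders reject non-alphabet characters
        base64.b64decode(b64, validate=True)
        strict_ok = True
    except binascii.Error:
        strict_ok = False
    # Lenient path: drop whitespace, then base64-decode and inflate.
    xml = zlib.decompress(base64.b64decode("".join(b64.split())), wbits=-15).decode()
    return {
        "url_length": len(url),
        "relay_state_length": len(params.get("RelayState", [""])[0]),
        "line_feeds": b64.count("\n"),
        "carriage_returns": b64.count("\r"),
        "strict_decode_ok": strict_ok,
        "xml": xml,
    }

if __name__ == "__main__":
    for wrap in (False, True):
        report = inspect_redirect(build_redirect(SAMPLE, "r" * 3000, wrap))
        print({k: v for k, v in report.items() if k != "xml"})
```

Passing a captured redirect URL to `inspect_redirect` shows whether the line feeds sit inside the `SAMLRequest` value and how much of the URL length comes from `RelayState`.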
