I've got the SAML module working in Mx 7.1.1 with the Cloud V4. The important thing I found was that the content of the certificates of the ADFS Metadata XML isn't imported correctly by Mendix. I've tested this by printing the raw certificate data in the console log from the Java 'CertificateHandler.java'. In the cloud the raw data was completely different than locally, where the raw data is the same as the Base64 binary of the Metadata XML.
What I did:
    public static void extractCertificateMetaData( IContext context, IMendixObject certObj ) throws IOException, CertificateException {
        X509Certificate cert = X509Certificate.initialize(context, certObj);
        // Verify the certificate content and extract the basic information such as issuer/subject/etc
        String contents = getCertificateContents(cert.getBase64());
        ...
And just parse the Base64 raw data as certificate without the header and footer.
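    import java.io.ByteArrayInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.util.Base64;

    public static String getCertificateContents( String tagValue ) throws CertificateException, IOException {
        //tagValue = "-----BEGIN CERTIFICATE-----\r\n" + StringUtils.trim(tagValue) + "\r\n-----END CERTIFICATE-----";
        //SAMLRequestHandler._logNode.info(tagValue);
        // Decode the Base64 value to DER bytes and parse those directly, without PEM header and footer
        InputStream inStream = new ByteArrayInputStream(Base64.getDecoder().decode(tagValue.trim()));
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(inStream);
        inStream.close();
        return cert.toString();
    }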
For me this got it working, with the help of Stack Overflow.
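A way to check whether the certificate value reaches the parser intact, as an added example that is not part of the post above or of the SAML module: it normalizes the Base64 value, verifies that the decoded bytes form exactly one DER SEQUENCE, and produces a SHA-256 fingerprint that can be logged in the cloud and locally and compared with the value from the ADFS metadata. The class and method names are hypothetical, and the sample input in main is a constructed 5-byte DER value, not a real certificate.

```java
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class MetadataCertCheck {
    // Turn an <X509Certificate> element value (PEM armor and line breaks tolerated) into DER bytes.
    static byte[] toDer(String tagValue) throws CertificateException {
        String b64 = tagValue.replaceAll("-----(BEGIN|END) CERTIFICATE-----", "").replaceAll("\\s", "");
        byte[] der;
        try {
            der = Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException e) {
            throw new CertificateException("value is not valid Base64", e);
        }
        // A certificate is one DER SEQUENCE: tag 0x30, then a length that must cover the rest exactly.
        if (der.length < 2 || der[0] != 0x30) throw new CertificateException("not a DER SEQUENCE");
        int n = der[1] & 0xFF, header = 2;
        long declared = n;
        if (n >= 0x80) { // long form: the low 7 bits give the number of length bytes
            n &= 0x7F;
            if (n == 0 || n > 4 || der.length < 2 + n) throw new CertificateException("bad DER length field");
            declared = 0;
            for (int i = 0; i < n; i++) declared = (declared << 8) | (der[2 + i] & 0xFF);
            header = 2 + n;
        }
        if (header + declared != der.length)
            throw new CertificateException("DER declares " + (header + declared) + " bytes, got " + der.length);
        return der;
    }

    // SHA-256 over the DER bytes, as lowercase hex, for comparison between environments.
    static String fingerprint(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Parse a real certificate value once it has passed the structural check.
    static X509Certificate parse(String tagValue) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(toDer(tagValue)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed 5-byte DER SEQUENCE (not a real certificate): exercises toDer and fingerprint only.
        String bare = "MAMCAQU=";
        String armored = "-----BEGIN CERTIFICATE-----\r\nMAMC\r\nAQU=\r\n-----END CERTIFICATE-----";
        System.out.println(fingerprint(toDer(bare)).equals(fingerprint(toDer(armored))));
        try { toDer("MAMCAQ=="); } catch (CertificateException e) { System.out.println(e.getMessage()); }
    }
}
```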
Did you have a look at https://confluence.atlassian.com/jirakb/java-certificate-issue-ioexception-derinputstream-getlength-lengthtag-109-too-big-761505154.html ? A bug seems unlikely here.
New version available for this issue according to the release notes: