Currently I am working on a SAML IdP-initiated SSO implementation.

Here are the steps I have done.

  • If the user session doesn't exist, I call the login URL of the IdP server (OneLogin).

        URL serviceUrl = new URL("https://lechm-dev.onelogin.com/trust/saml2/http-post/sso/74697012");
        httpServletResponse.sendRedirect(serviceUrl.toString());

  • After login, the IdP sends the SAML response to the redirect URL.

        @RequestMapping(value = {"/saml/auth"})
        public String authenticate(HttpServletRequest request, HttpServletResponse response) throws Exception {
            MyUser myUser = null;
            if (null != request.getParameter("SAMLResponse")) {
                // The raw form parameter is handed to the service unchanged
                myUser = userService.createUserFromResponse(request.getParameter("SAMLResponse"));
            }
            return "authenticate...!  ";
        }

  • In the user service, the logic for parsing the SAML response:

        @Override
        public MyUser createUserFromResponse(String samlResponse) throws
                ParserConfigurationException, SAXException,
                IOException, UnmarshallingException, XMLParserException {
            Response resp = null;
            if (samlResponse != null) {
                Document document = null;
                try {
                    DefaultBootstrap.bootstrap();
                    BasicParserPool basicParserPool = new BasicParserPool();
                    basicParserPool.setNamespaceAware(true);
                    Reader reader = new StringReader(samlResponse);
                    document = basicParserPool.parse(reader);  // here I am getting SAXParseException
                } catch (ConfigurationException e1) {
                    e1.printStackTrace();
                }
                // Unmarshal the parsed DOM into an OpenSAML Response object
                Element element = document.getDocumentElement();
                UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
                Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
                XMLObject responseXmlObj = unmarshaller.unmarshall(element);
                resp = (Response) responseXmlObj;
                createUserJSONFromAttributes(resp);
            }
            LOG.debug(">>>>>>> SAML Response : MyUser Object  >>>>> :  " + myUser.toString());
            return myUser;
        }

Here, on parsing the SAML response, I am facing a SAXParseException.

    23:59:53 ERROR org.opensaml.xml.parse.BasicParserPool - XML Parsing Error
    org.xml.sax.SAXParseException: Content is not allowed in prolog.
        at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
        at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
        at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
        at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
        at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
        at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
        at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:690)
        at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:233)
    

Please let me know what I have done wrong. Please suggest. Thank you in advance.

What exactly is the SAML response you are attempting to parse as XML? Is it really the string "authenticate...! " or is it something else you've chosen to omit from your question? – Luke Woodward Feb 4, 2018 at 14:16

The response I got from the IdP is in byte code, which is a long byte string, for example: bshdhebhdjhdunruggrujevgduk3bctydiwkbsvvgsjkbwvhhnbegaikwbeguskbvysqopqbev. And the string authenticate...! is just the return expected for the method. – Maheshbabu Neeli Feb 4, 2018 at 22:18

That string you give as an example isn't XML (I don't know what it is), so you can't parse it as if it were XML. – Luke Woodward Feb 7, 2018 at 22:29

I am getting the same error for the XML parsing. The XML (after decoding the response) starts with '<?xml version="1.0" encoding="UTF-8"?>'. See the characters at the start? It is breaking the XML parsing. I suspect it is being sent by the PHP script. – jqa May 14, 2018 at 15:21

So the junk/extra characters do not show after I post the comment. In front of the <?xml we see two extra non-ASCII characters when we decode the response. – jqa May 14, 2018 at 15:27
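
An added example, not part of the question or its comments and not OneLogin or OpenSAML code: with the HTTP-POST binding the `SAMLResponse` form parameter carries Base64-encoded XML, so it has to be decoded before it reaches an XML parser, and because the value arrives through the browser the parser should refuse DOCTYPE declarations. The class and method names are hypothetical, the sample response is constructed, and only JDK APIs are used instead of the `BasicParserPool` from the question.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Hypothetical helper class (not from the question); JDK APIs only.
public class SamlPostDecoder {

    // Parses bytes rather than a String/Reader so the parser performs its own
    // encoding detection, including a leading byte order mark.
    static Document parseHardened(byte[] xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE: blocks XXE and entity-expansion payloads.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    // HTTP-POST binding: the SAMLResponse parameter is Base64 text, not XML.
    static Document decodeAndParse(String samlResponseParam) throws Exception {
        // The MIME decoder tolerates line breaks inside the Base64 text.
        byte[] xml = Base64.getMimeDecoder().decode(samlResponseParam);
        return parseHardened(xml);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response, encoded the way it would be posted.
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " ID=\"_constructed\" Version=\"2.0\"/>";
        String posted = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));

        Document doc = decodeAndParse(posted);
        System.out.println("root element: " + doc.getDocumentElement().getLocalName());

        // Handing the still-encoded parameter to the parser, as the question's code does, fails.
        try {
            parseHardened(posted.getBytes(StandardCharsets.US_ASCII));
        } catch (SAXParseException e) {
            System.out.println("undecoded input rejected: " + e.getMessage());
        }
    }
}
```

A document that parses is still untrusted: the response signature, issuer, audience and validity conditions have to be checked before any attribute from it is used to create a user.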
