Symantec Access Management

Hi to All,

I have Siteminder 12.8sp on Linux Centos 7 with JDK 1.8.0_151 
I configured siteminder as IDP and I have another system like SP (in this case it's a Netscaler, but I don't think it matters.).  HTTP-POST binding,
The problem is that the SAML tokens generated by siteminder have "strange" characters in the tags of the signatures and the certificate. These characters are 
  that make me think of the "newline" character.
I paste the decoded tokens below (I took them from POST, but I verified that I find them also in the smtrace policy server logs).

<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://dev-app.cen.poliziadistato.it/cgi/samlauth" ID="_6cf2b3197405aa0dd55323ba36600c728890" IssueInstant="2019-05-13T07:45:40Z" Version="2.0">

[cut]

</ds:SignedInfo> <ds:SignatureValue> I8LUIhLSY40RitYi4b5zTzBMa2Bd0ZFxcTy72poIiVjHcucq7JHrlh0IFSc3a3p5wW7ckRFs0Zrq&#13; 0EZ4nPfzn5Aa1u0XU83h4DDawjR6EmnhWGr3vdYce4BS9Oq68T616O8r+rg9RK0r3WgUXz/fO59K&#13; 5TrrjOm5nBGBjpauCxQ= </ds:SignatureValue>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate> MIIB2DCCAUGgAwIBAgIRAIWG/xsSzTpy85Id3zNga14wDQYJKoZIhvcNAQELBQAwKjEMMAoGA1UE&#13; CgwDQ0VOMQwwCgYDVQQLDANDRU4xDDAKBgNVBAMMA0NFTjAeFw0xNzEyMTQxMTMzNTNaFw0yNzEw&#13; MjMxMDMzNTNaMCoxDDAKBgNVBAoMA0NFTjEMMAoGA1UECwwDQ0VOMQwwCgYDVQQDDANDRU4wgZ8w&#13; DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ1JpmfPkBemEKDbr6495rbHtZ0ym5MYQ6Wqk0USRPxO&#13; +CFMx5gYr7uQsy/44vRT6jSW7cEuiyG0fwidjLATV05zOdcadttEH3M3gMzTxoYuYZSlnmfj2ETY&#13; LftSL7+6FQiqdOjG4SkkvQIGPMC2oH84eJfymSiu81OGEEbjS7nzAgMBAAEwDQYJKoZIhvcNAQEL&#13; BQADgYEAGG7CnEaNy3yuswhGNJ+iF0n2MMlPgoOzKgSMEiCD0XS89bMtuIlibJ8Em3oidhuwXa/C&#13; B86wDhHFPJGg+cXe7K30Qph87EdEEz+THb6DdT5Bntmki6N0kYE8s7OSFHVi6lcpNYcCrnU0fWP5&#13; rmUxRbBV2SRlwXDGIDqZLsy6A7k= </ds:X509Certificate> </ds:X509Data>
[cut]

I used the same configuration that I have on an older system (Siteminder 12.8sp, JDK 1.80.151 on a different policy store, same certificate) . 
In the old environment everything works and there are not those characters at the end of each line in the certificate and signature tags. Apparently the configurations are the same. Has it already happened to you? Do you have any suggestions?
Thanks in advance
Marco

p.s. 

in the new enviroment Without Signing I have no error! 

This is a known issue with 12.8 GA and is fixed in 12.8 SP1 .I strongly recommend to install 12.8SP2 though as there many issues with 12.8 GA and 12.8 SP1

if you still want resolution on 12.8 GA, follow below

 1. Download "xmlsec-2.1.2.jar" file from internet.

2. Shutdown Policy Server

3. Rename "/bin/endorsed/xmlsec-2.1.0.jar" to xmlsec-2.1.0.jar_backup

4. Copy "xmlsec-2.1.2.jar" file to "/bin/endorsed/"

5. Backup "/config/JVMOptions.txt"

6. Update "/config/JVMOptions.txt" file as below sample.

a) Updating the file path from pointing to xmlsec-2.1.0.jar to xmlsec-2.1.2.jar

b) Adding "-Dorg.apache.xml.security.ignoreLineBreaks=true"

7. Startup Policy Server

I updated to 12.8sp2 and everything works! 
Thanks!
Marco