Issue
After upgrading the SAML plugin to version 1.1.7, some ADFS instances have been found to be unable to handle the certificates sent by the plugin. From the Jenkins side you may see an error like:
WARNING o.j.p.saml.SamlSecurityRealm#doFinishLogin: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
For more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/main/doc/CONFIGURE.md#configuring-plugin-settings
If you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/main/doc/TROUBLESHOOTING.md
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
    at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSamlProtocolResponse(SAML2DefaultResponseValidator.java:208)
    at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validate(SAML2DefaultResponseValidator.java:132)
    at org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver.receiveMessage(SAML2WebSSOMessageReceiver.java:77)
    at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)
    at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:225)
    at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:60)
    at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:106)
    at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:55)
Caused: org.acegisecurity.BadCredentialsException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
    at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:59)
    at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:35)
    at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:64)
    at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:311)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
Environment
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Enterprise
- CloudBees Jenkins Enterprise - Managed controller
- CloudBees Jenkins Enterprise - Operations center
Resolution
The library update in the plugin does not handle line breaks in the certificate, so adding the following JVM system property:
-Dorg.apache.xml.security.ignoreLineBreaks=true
fixes the issue. If you need additional details on how to apply the suggested change, please review: How to add Java arguments to Jenkins?
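As an added check (example code, not part of the CloudBees article or of the SAML plugin), the script below inspects a SAML SP metadata document and reports every ds:X509Certificate whose Base64 body is line-wrapped, which is the condition the property above removes; the metadata endpoint path and the sample document are assumptions/constructed.

```python
"""Flag ds:X509Certificate values in SAML SP metadata whose Base64 body contains line breaks."""
import base64
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def find_certificates(metadata_xml: str) -> list:
    """Return the raw text of every ds:X509Certificate element, in document order."""
    root = ET.fromstring(metadata_xml)
    return [(el.text or "") for el in root.iter(f"{{{DS_NS}}}X509Certificate")]

def has_embedded_line_breaks(cert_text: str) -> bool:
    """True when the Base64 body itself (not just surrounding whitespace) is line-wrapped."""
    body = cert_text.strip()
    return "\n" in body or "\r" in body

def decodes_to_der(cert_text: str) -> bool:
    """True when the whitespace-stripped Base64 decodes to a DER SEQUENCE (first byte 0x30)."""
    try:
        raw = base64.b64decode("".join(cert_text.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) > 0 and raw[0] == 0x30

def check_metadata(metadata_xml: str) -> list:
    """One result per certificate: whether it is line-wrapped and whether it still decodes."""
    return [{"index": i, "line_breaks": has_embedded_line_breaks(c), "decodes": decodes_to_der(c)}
            for i, c in enumerate(find_certificates(metadata_xml))]

# Constructed sample: a minimal SP metadata document with a line-wrapped signing certificate and
# an unwrapped encryption certificate. The DER bytes are a placeholder SEQUENCE, not a real cert;
# a real document would be fetched from JENKINS_URL/securityRealm/metadata (assumed path).
_B64 = base64.b64encode(b"\x30\x03\x02\x01\x05").decode()   # "MAMCAQU="
_WRAPPED = _B64[:4] + "\n" + _B64[4:]                        # break inside the Base64 body
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="{DS_NS}" entityID="https://jenkins.example/securityRealm/finishLogin">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
{_WRAPPED}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `check_metadata` against the metadata served before and after adding the property and restarting: a certificate still reporting `line_breaks: True` means the JVM argument has not taken effect.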