ISSUE
Following an update to the latest version DualShield Authentication Server and IIS Agent, end users are no longer able to access a web SSO app such as OWA.
CAUSE
Looking at the HAR file It appears that OpenSAML thought the Signature was legitimate, but chilkat (the library we used in IIS agent) does not like it.
This may have been been introduced by the recent upgrade on OpenSAML library.
Therefore once customers have upgraded DualShield to the latest version they will see the error above
RESOLUTION
Open Java options ( see How to Reset the sa Password in DualShield which demonstrates how to launch Java Options)
Append this line..
-Dorg.apache.xml.security.ignoreLineBreaks=true
Save and restart the DualShield Server service.