Trailing whitespace in the authnContextClassRef attribute is parsed as an additional authenticator with an empty value.
Example: Adding an extra space in authnContextClassRef here:
<Host name="sp2.example.org" applicationId="sp2" authType="shibboleth" requireSession="true">
<Path name="secure" forceAuthn="true" authType="shibboleth" requireSession="true" authnContextClassRef="urn:mace:ucsd.edu:sso:studentsso ">
</Path>
</Host>
generates this SAML2 authentication request:
<?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://sp2.example.org/Shibboleth.sso/SAML2/POST" Destination="https://idp.example.org/tritON/profile/SAML2/Redirect/SSO" ForceAuthn="1" ID="_829099b90161f42c02a2148aa0ce1c1d" IssueInstant="2014-06-13T17:04:50Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example.org/shibboleth</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="1"/>
<samlp:RequestedAuthnContext>
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:ucsd.edu:sso:studentsso</saml:AuthnContextClassRef>
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Note the multiple saml:AuthnContextClassRef elements in the request, one with no value.
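As an added illustration (not the Shibboleth SP's or XMLTooling's own code), a small C++ model of the two ways of tokenizing the space-separated attribute value: a naive split on single spaces that reproduces the empty trailing entry shown above, and a whitespace-skipping split that does not. The attribute string is the one from this report; the RequestedAuthnContext rendering is a simplified assumption (no namespace declarations, no XML escaping).

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Naive tokenizer: splits on every ' ' and keeps empty fields, so a trailing
// space in authnContextClassRef yields an extra, empty class reference.
std::vector<std::string> splitNaive(const std::string& value) {
    std::vector<std::string> out;
    std::string::size_type start = 0;
    for (;;) {
        std::string::size_type sp = value.find(' ', start);
        if (sp == std::string::npos) {
            out.push_back(value.substr(start));
            return out;
        }
        out.push_back(value.substr(start, sp - start));
        start = sp + 1;
    }
}

// Whitespace-skipping tokenizer: operator>> consumes any run of whitespace,
// so leading, trailing and doubled separators never produce empty tokens.
std::vector<std::string> splitWhitespace(const std::string& value) {
    std::vector<std::string> out;
    std::istringstream in(value);
    for (std::string tok; in >> tok;) out.push_back(tok);
    return out;
}

// Render the RequestedAuthnContext element of an AuthnRequest (simplified,
// assumed form: no xmlns attributes; refs are URIs with no XML-special chars).
std::string requestedAuthnContext(const std::vector<std::string>& refs) {
    std::string xml = "<samlp:RequestedAuthnContext>";
    for (const auto& r : refs) {
        if (r.empty())
            xml += "<saml:AuthnContextClassRef/>";   // the empty element from the report
        else
            xml += "<saml:AuthnContextClassRef>" + r + "</saml:AuthnContextClassRef>";
    }
    return xml + "</samlp:RequestedAuthnContext>";
}

int main() {
    const std::string attr = "urn:mace:ucsd.edu:sso:studentsso ";  // trailing space, as in the report
    std::cout << requestedAuthnContext(splitNaive(attr)) << "\n";       // two ClassRef elements
    std::cout << requestedAuthnContext(splitWhitespace(attr)) << "\n";  // one ClassRef element
}
```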
http://svn.shibboleth.net/view/cpp-sp?rev=3891&view=rev
http://svn.shibboleth.net/view/cpp-sp?rev=3892&view=rev
http://svn.shibboleth.net/view/cpp-xmltooling?rev=1040&view=rev