OpenAM / OPENAM-8708

Authentication can fail for users with non-ASCII characters in a multi-server environment

    Details

    • Sprint:
      AM Sustaining Sprint 20

      Description

      Authentication can fail for users whose username contains non-ASCII characters in a multi-server environment. This happens when cross-talk is needed, e.g. if the amAuthCookie was obtained on one server but the credentials are posted to a second server, or if there is a session upgrade where authN does not take place on the server that handled the initial authentication.

      Steps to reproduce:

      • set up a deployment with two OpenAM servers
      • create a user with a non-ASCII character in the username, such as testusër
      • access am1 login page:
        curl -v -b cookiejar -c cookiejar http://am1.example.com:18080/openam/UI/Login
        
      • POST the credentials to am2 with the amAuthCookie from am1:
        curl -v -X POST --data "IDToken1=testusër&IDToken2=password&IDButton=Log%20In" -b cookiejar http://am2.example.com:28080/openam/UI/Login
        

      Expected result: Successful authentication: am2 cross-talks to am1 (note that this is successful for users with only ASCII characters)

      Observed behaviour: Authentication failed: am2 sends badly encoded data to am1 during cross-talk:

      amAuthClientUtils:04/12/2016 01:37:08:029 PM BST: Thread[http-bio-28080-exec-10,5,main]
      SENDING DATA ... 
      ...
      Request data : IDToken2=password&IDButton=Log+In&IDToken1=testus%C3%83%C2%ABr
      

      where the value of IDToken1 has some extra characters in the encoding: testus%C3%83%C2%ABr instead of testus%C3%ABr
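
The extra bytes match what results when the UTF-8 bytes of ë (C3 AB) are read as ISO-8859-1 and then UTF-8 encoded a second time. The following is an added example, not OpenAM code: it reproduces that pattern and flags it in a logged "Request data" line. The function names are hypothetical, and the ISO-8859-1 misreading as the cause inside OpenAM is an assumption the ticket does not state.

```python
from urllib.parse import quote, unquote_to_bytes


def double_encode(value: str) -> str:
    """Reproduce the faulty pattern (assumed cause): the UTF-8 bytes are
    misread as ISO-8859-1, then encoded as UTF-8 and percent-encoded again."""
    misread = value.encode("utf-8").decode("iso-8859-1")
    return quote(misread.encode("utf-8"))


def repair_if_double_encoded(percent_encoded: str):
    """Return the original string if the value is double-encoded, else None."""
    raw = unquote_to_bytes(percent_encoded)
    try:
        once = raw.decode("utf-8")
        # Every character must fit in one byte for the value to be mojibake.
        inner = once.encode("iso-8859-1")
        # Those bytes must themselves be valid UTF-8.
        repaired = inner.decode("utf-8")
    except (UnicodeDecodeError, UnicodeEncodeError):
        return None
    # Pure ASCII round-trips unchanged and is not a finding.
    return repaired if repaired != once else None


def scan_request_data(data: str) -> dict:
    """Map parameter name -> repaired value for each double-encoded field."""
    findings = {}
    for pair in data.split("&"):
        name, _, value = pair.partition("=")
        # Form encoding uses '+' for space; the raw percent escapes are kept.
        repaired = repair_if_double_encoded(value.replace("+", " "))
        if repaired is not None:
            findings[name] = repaired
    return findings


# Request data line copied from the debug log in this ticket.
LOGGED = "IDToken2=password&IDButton=Log+In&IDToken1=testus%C3%83%C2%ABr"

if __name__ == "__main__":
    print(double_encode("testus\u00ebr"))
    print(scan_request_data(LOGGED))
```

A correctly encoded value such as testus%C3%ABr is not flagged, because its single-byte form is not valid UTF-8.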

            People

            • Assignee:
              Peter Major (Inactive)
            • Reporter:
              Nathalie Hoet
            • QA Assignee:
              Filip Kubáň (Inactive)