  1. OpenIDM
  2. OPENIDM-12207

UI login fails with non-ASCII username or password

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 5.5.0, 6.5.0, 7.0.0, 6.0.0.2
    • Fix Version/s: 7.0.0, 6.0.0.6, 6.5.0.4
    • Component/s: None

      Description

      The login screens for IDM set three headers for authentication:

      • X-OpenIDM-Username
      • X-OpenIDM-Password
      • X-OpenIDM-Reauth-Password

      Web browsers cannot set header values with non-ASCII characters and will throw an error: https://bugs.chromium.org/p/chromium/issues/detail?id=319694

      To reproduce:

      1. Create a user and give them the password Păssw0rd
      2. Try to log in using the password Păssw0rd
      3. Now, try logging in with the encoded password UTF-8''P%C4%83ssw0rd
      4. It works!

      We introduced support for RFC 5987 ( https://tools.ietf.org/html/rfc5987 ) encoding of username/password in OPENIDM-3187. The following JavaScript function could be used to encode any UTF-8 value set to the username/password headers:

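      function encodeRFC5987Value(str) {
          // Prefix is charset'language' with an empty language tag (RFC 5987 ext-value).
          return "UTF-8''" + encodeURIComponent(str)
              // encodeURIComponent leaves ' ( ) * as-is; percent-encode them as well.
              .replace(/['()]/g, escape)   // %27 %28 %29
              .replace(/\*/g, '%2A')
              // | ` ^ are allowed unencoded in RFC 5987 values, so restore them.
              .replace(/%(?:7C|60|5E)/g, unescape);
      }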
      

      One may want to check that any HTML text-input components are set to UTF-8, if possible.
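
A round-trip sketch of the encoding described above, added here as an example and not taken from the issue or from OpenIDM's code. The names `encodeExtValue`, `decodeExtValue`, `isHeaderSafe` and `buildAuthHeaders` are hypothetical, the username `jdoe` is constructed, and the strict decoder is an assumption about what a receiver could do, not a description of the server's behaviour.

```javascript
// Added example; function names are hypothetical, not OpenIDM APIs.
// RFC 5987 attr-char: these may appear unencoded in value-chars.
const ATTR_CHAR = "A-Za-z0-9!#$&+\\-.^_`|~";
const IS_ATTR_CHAR = new RegExp("^[" + ATTR_CHAR + "]$");
// Only UTF-8 with an empty language tag is accepted, as in UTF-8''P%C4%83ssw0rd.
const EXT_VALUE = new RegExp("^UTF-8''((?:[" + ATTR_CHAR + "]|%[0-9A-Fa-f]{2})*)$", "i");

// True when every character is printable ASCII, i.e. safe to place in a header as-is.
function isHeaderSafe(value) {
  return /^[\x20-\x7E]*$/.test(value);
}

// Percent-encode the UTF-8 bytes of str, leaving only attr-char unencoded.
function encodeExtValue(str) {
  let out = "UTF-8''";
  for (const byte of new TextEncoder().encode(str)) {
    const ch = String.fromCharCode(byte);
    out += IS_ATTR_CHAR.test(ch)
      ? ch
      : "%" + byte.toString(16).toUpperCase().padStart(2, "0");
  }
  return out;
}

// Strict inverse: reject anything that is not a well-formed UTF-8 ext-value.
function decodeExtValue(headerValue) {
  const match = EXT_VALUE.exec(headerValue);
  if (!match) throw new Error("not a UTF-8 ext-value");
  return decodeURIComponent(match[1]); // URIError on invalid UTF-8 byte sequences
}

// This example always encodes, so a receiver never has to guess raw vs. encoded.
function buildAuthHeaders(username, password) {
  return {
    "X-OpenIDM-Username": encodeExtValue(username),
    "X-OpenIDM-Password": encodeExtValue(password),
  };
}

// Constructed sample input: the password from the reproduction steps.
const sample = buildAuthHeaders("jdoe", "Păssw0rd");
console.log(isHeaderSafe("Păssw0rd"), sample["X-OpenIDM-Password"]);
console.log(decodeExtValue(sample["X-OpenIDM-Password"]));
```

Unlike the function quoted in the issue, this encoder avoids the legacy `escape`/`unescape` globals and also leaves `# $ & +` unencoded; both outputs are valid RFC 5987 values and are identical for `Păssw0rd`.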


              People

              • Assignee:
                matthias.grabiak Matthias Grabiak
                Reporter:
                travis.haagen Travis Haagen
                QA Assignee:
                Son Nguyen