Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-3187

Custom authentication headers cannot handle Unicode characters

    Details

    • Sprint:
      OpenIDM Sprint 68
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      The OpenIDM custom authentication headers are unable to correctly handled unicode characters within either the username or password. This applies to authentication against the OpenIDM repository and via pass-through authentication.

      This limitation is imposed by the restriction on HTTP header values only being allowed to contain ASCII characters and a lack of a well defined and widely supported escaping mechanism. Note that it is possible to use extended ASCII character codes (<256) via escaping as follows:

      British Pound = '/xa3'

      Although BasicAuth does work in certain circumstances (see OPENIDM-1463) browsers do not reliably support unicode characters within BasicAuth headers and therefore this workaround is not a reliable solution.

      See the following related to the topic:

      http://stackoverflow.com/questions/1682398/do-http-request-headers-have-to-be-utf-8-encoded/1682454#1682454
      http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username/703341#703341
      http://stackoverflow.com/questions/4400678/http-header-should-use-what-character-encoding

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                travis.haagen Travis Haagen
                Reporter:
                cgdrake Chris Drake
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: