Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-3187

Custom authentication headers cannot handle Unicode characters

    Details

      Description

      The OpenIDM custom authentication headers are unable to correctly handled unicode characters within either the username or password. This applies to authentication against the OpenIDM repository and via pass-through authentication.

      This limitation is imposed by the restriction on HTTP header values only being allowed to contain ASCII characters and a lack of a well defined and widely supported escaping mechanism. Note that it is possible to use extended ASCII character codes (<256) via escaping as follows:

      British Pound = '/xa3'

      Although BasicAuth does work in certain circumstances (see OPENIDM-1463) browsers do not reliably support unicode characters within BasicAuth headers and therefore this workaround is not a reliable solution.

      See the following related to the topic:

      http://stackoverflow.com/questions/1682398/do-http-request-headers-have-to-be-utf-8-encoded/1682454#1682454
      http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username/703341#703341
      http://stackoverflow.com/questions/4400678/http-header-should-use-what-character-encoding

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                travis.haagen Travis Haagen
                Reporter:
                cgdrake Chris Drake
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: