Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-3647

Generate warning when using Base64 based secrets if the decoded secret ends in non-ASCII value

    Details

    • Support Ticket IDs:
    • Epic Link:
    • Sprint:
      2019.10 - IG / Microservices, 2019.11 - IG / Microservices, 2019.12 - IG / Microservices
    • Story Points:
      2

      Description

      Some editors add a CR to the end of a line which ends up in the BASE64 secret after encoding.

      When the decoded value is used as part of a username/password exchange, this extra character can result in authentication errors with no hint as to the problem and the original value can look correct.

      Ideally IG would generate a warning log message if it sees a suspect character at the end of the decoded value to help in these scenarios.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                markdr Mark de Reeper
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: