Pound symbol as part of password not being accepted

[Morris, Andi]

To bump and old thread, I'm still getting this issue.

I've added " AddDefaultCharset utf-8" to the bottom of my httpd.conf file in Apache 2.2.17, and also " URIEncoding="UTF-8"" into the 8080 and 8443 connectors in TomCat6.0's server.xml.

The server was restarted after the changes were made, however the problem is not resolved.

I have found https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass which suggests that I can accept these characters by adding the following to my login.jsp and rebuild the package:
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" >

However, I'm not sure whether this will apply to me, as my username/password login handler in handler.xml is commented out, in favour of ph:RemoteUser and ph:PreviousSession 

    <!-- Login Handlers -->
    <ph:LoginHandler xsi:type="ph:RemoteUser">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    </ph:LoginHandler>
    
    <!--  Username/password login handler -->
    <!-- 
    <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                  jaasConfigurationLocation="file://C:\Program Files (x86)\shibboleth-idp/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>
    -->
    
    <!-- 
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
        on every request.
    -->
    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler>

Does anyone think that adding this line in to the login.jsp and rebuilding will actually help me get rid of this issue?

Cheers,
Andi

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 26 September 2013 14:53
To: Shib Users
Subject: Re: Pound symbol as part of password not being accepted

On 9/26/13 8:48 AM, "Morris, Andi" <amorris at cardiffmet.ac.uk> wrote:

>We¹ve just come across an odd problem here where a user could log into 
>all our remote resources apart from the shibboleth authenticated ones.
>Upon investigation I could see in the Apache ssl_443_error_log file 
>that the user was being denied  access with an ³unknown user name or 
>bad password² error. I could see that the username being typed was 
>correct from the same log file, and just on a hunch I decided to change 
>the password of the user from something that contained the £ symbol to 
>something  that didn¹t, and suddenly access was granted.
> 
>Does anybody know the reason for this, and how I can resolve it?

Not really, but seems like some kind of encoding issue between the browser and the web server most likely. You'd have to make sure everything is in sync on that, including IIRC some settings on the Tomcat connector to control how it handles data coming in.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net