Pound symbol as part of password not being accepted

John Baker john.e.baker at franklin.ac.uk
Wed Apr 9 09:51:33 EDT 2014 

Hi

We had a similar problem with authentication, not Shibboleth, which was found to be caused  by our WiFi network  not accepting the £ or $ symbols in passwords for passing on for authentication.

John Baker

ICT Operations Manager

Tel: 01472 875000     Ext: 722     Fax: 01472 875019

EMAIL DISCLAIMER/CONFIDENTIALITY STATEMENT
This email message and any attachments are confidential and intended for the addressee(s) only. If they have come to you in error then you must not disclose, copy or distribute the contents to anyone. Please notify sender of the error and ensure you delete the message and any attachments from your system.
Franklin College accepts no responsibility for computer viruses and recommends that the addressee check for viruses before opening any attachments.
Any views or opinions presented are solely those of the author and do not necessarily represent those of Franklin College. The college does not accept legal responsibility for those views.
The Internet is not secure and therefore Franklin College does not accept legal responsibility for the contents of this message. Please note that Franklin College may intercept inbound and outbound messages.
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Morris, Andi
Sent: 09 April 2014 13:47
To: 'Shib Users'
Subject: RE: Pound symbol as part of password not being accepted

To bump and old thread, I'm still getting this issue.

I've added " AddDefaultCharset utf-8" to the bottom of my httpd.conf file in Apache 2.2.17, and also " URIEncoding="UTF-8"" into the 8080 and 8443 connectors in TomCat6.0's server.xml.

The server was restarted after the changes were made, however the problem is not resolved.

I have found https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass which suggests that I can accept these characters by adding the following to my login.jsp and rebuild the package:
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" >

However, I'm not sure whether this will apply to me, as my username/password login handler in handler.xml is commented out, in favour of ph:RemoteUser and ph:PreviousSession 

    <!-- Login Handlers -->
    <ph:LoginHandler xsi:type="ph:RemoteUser">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    </ph:LoginHandler>
    
    <!--  Username/password login handler -->
    <!-- 
    <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                  jaasConfigurationLocation="file://C:\Program Files (x86)\shibboleth-idp/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>
    -->
    
    <!-- 
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
        on every request.
    -->
    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler>

Does anyone think that adding this line in to the login.jsp and rebuilding will actually help me get rid of this issue?

Cheers,
Andi

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 26 September 2013 14:53
To: Shib Users
Subject: Re: Pound symbol as part of password not being accepted

On 9/26/13 8:48 AM, "Morris, Andi" <amorris at cardiffmet.ac.uk> wrote:

>We¹ve just come across an odd problem here where a user could log into 
>all our remote resources apart from the shibboleth authenticated ones.
>Upon investigation I could see in the Apache ssl_443_error_log file 
>that the user was being denied  access with an ³unknown user name or 
>bad password² error. I could see that the username being typed was 
>correct from the same log file, and just on a hunch I decided to change 
>the password of the user from something that contained the £ symbol to 
>something  that didn¹t, and suddenly access was granted.
> 
>Does anybody know the reason for this, and how I can resolve it?

Not really, but seems like some kind of encoding issue between the browser and the web server most likely. You'd have to make sure everything is in sync on that, including IIRC some settings on the Tomcat connector to control how it handles data coming in.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list