PK15731: PROBLEM USING NLV CHARACTERS W/ IDS AND PASSWORDS AND USING BASIC AUTHENTICATION | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The basic authentication used by the web browser fails when NLV characters are used for the user id and/or password. The problem is also seen when special characters are used in the password. Failing characters are: ~!@#$%ᆰ&*\(\)-_+={}■\|;:/?.,<>"'` The following error may be seen in the systemout.log. SECJ0336E: Authentication failed for user cn=user0099,ou=user,dc=abc because of the following exception javax.naming.AuthenticationException: ■LDAP: error code 49 - Invalid Credentials -Local fix Don't use NLV characters for user id and passwords. Search Keyword: LDAP LTPA security logon login * # !Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server security * * users using HTTP basic authentication * **************************************************************** * PROBLEM DESCRIPTION: HTTP basic authentication may fail if * * authentication data contains national * * language special characters * **************************************************************** * RECOMMENDATION: * **************************************************************** When using HTTP basic authentication, user agent send Base64 encoded authentication data to server, and server has to decode the authentication data before doing authentication. Server used to use UTF-8 to decode the authentication data, which causes problem if user agent uses different encoding to encode the data. HTTP spec seems not clearly document how user agent comminucates head encoding with server, and currently there is no mechanism to reveal encoding used in request head.Problem conclusion With this fix, WebSphere Application server security uses plateform default encoding to decode the Base64 encoded data from user agent. Administrator should make sure the encoding used in user agent to match the plateform default encoding. The fix for this APAR is currently targeted for inclusion in fixpack 5.0.2.14 and 5.1.1.8 and 6.0.2.4. Please refer to the Recommended Updates page for delivery dates: http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP &uid=swg27004980Temporary fix Test fix providedComments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 10A
Software edition:
Reference #: PK15731
IBM Group: Software Group
Modified date: Nov 23, 2005
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.