-
1. Re: non-ASCII passwords not working with Elytron and Active Directory
mchoma Feb 13, 2019 11:08 AM (in response to pmm)
We are testing the case with umlauts userWithÄÖÜäöüUmlauts / PasswordÄÖÜäöü1. I don't see any special configuration.
I just remember it was not easy to get the password into AD. We had to encode it in a special manner. I wonder if that encoding couldn't cause the problem.
    import java.io.UnsupportedEncodingException;
    import java.util.Base64;

    /**
     * In fact reimplement this bash command to java
     * > echo -n "\"P@ssw0rd\"" | iconv -f UTF8 -t UTF16LE | base64
     * > IgBQAEAAcwBzAHcAMAByAGQAIgA=
     */
    private String encodePassword(String password) {
        String encodedPassword = password;
        try {
            // wrap the password in double quotes
            encodedPassword = "\"" + encodedPassword + "\"";
            // encode as UTF-16LE, then base64
            encodedPassword = Base64.getEncoder().encodeToString(encodedPassword.getBytes("utf-16le"));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
        return encodedPassword;
    }

But we have problems with Chinese chars in password https://issues.jboss.org/browse/JBEAP-5416
-
2. Re: non-ASCII passwords not working with Elytron and Active Directory
pmm Feb 14, 2019 4:28 AM (in response to mchoma)
We set and change the password using the Windows change password functionality. Our clients are on Windows 7 and our AD servers are on Windows 2008 SR2.
-
3. Re: non-ASCII passwords not working with Elytron and Active Directory
mchoma Feb 15, 2019 6:14 AM (in response to pmm)
We are using AD 2012R2 and newer. We used 2008 but it was working fine.
When using LDAP, the BASIC authentication mechanism is used. Check in your browser whether it is encoded properly. Something on topic [1]. Or try another browser.
Also, it is possible to configure BASIC on the WildFly side [2], e.g.
<auth-method>BASIC?charset=ISO_8859_1&user-agent-charsets=Chrome,UTF-8,OPR,UTF-8</auth-method>
https://issues.jboss.org/browse/UNDERTOW-595
What exactly is your password? I can try in my environment.
-
4. Re: non-ASCII passwords not working with Elytron and Active Directory
pmm Mar 7, 2019 11:14 AM (in response to mchoma)
We are using remote EJB, not HTTP(S). Debugging further, it seems that we send U+00A8 but the PasswordGuessEvidence in the LdapSecurityRealm contains U+0020 U+0308, so it looks like Unicode normalization is happening somewhere.
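
The substitution reported in the post above (U+00A8 arriving as U+0020 U+0308) matches Unicode compatibility normalization, the NFKC form that SASLprep (RFC 4013) applies. The following Java check is an added example, not part of the original thread or of Elytron's code; the class name and the sample passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import java.util.stream.Collectors;

public class PasswordNormalizationCheck {

    // Render a string as U+XXXX code points so invisible changes become visible.
    static String codePoints(String s) {
        return s.codePoints()
                .mapToObj(cp -> String.format("U+%04X", cp))
                .collect(Collectors.joining(" "));
    }

    // Hex dump of the UTF-8 encoding, to show that the bytes differ as well.
    static String utf8Hex(String s) {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    // Describe what one normalization form does to the typed password.
    static String report(String typed, Normalizer.Form form) {
        String normalized = Normalizer.normalize(typed, form);
        if (normalized.equals(typed)) {
            return String.format("  %-4s unchanged", form);
        }
        return String.format("  %-4s CHANGED -> %s | utf-8 %s",
                form, codePoints(normalized), utf8Hex(normalized));
    }

    public static void main(String[] args) {
        // Constructed sample passwords (assumptions, not values from the thread).
        String[] samples = {
            "Pass\u00A8word1",          // contains DIAERESIS, the code point from the post
            "Pass\u00C4\u00D6\u00DC1",  // precomposed umlauts
            "P@ssw0rd"                  // pure ASCII control case
        };
        for (String typed : samples) {
            System.out.println("typed: " + codePoints(typed) + " | utf-8 " + utf8Hex(typed));
            for (Normalizer.Form form : Normalizer.Form.values()) {
                System.out.println(report(typed, form));
            }
        }
    }
}
```

Precomposed umlauts such as Ä are left alone by NFKC, while U+00A8 is rewritten, which is consistent with the umlaut test earlier in the thread passing while this password fails.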
-
5. Re: non-ASCII passwords not working with Elytron and Active Directory
pmm Mar 7, 2019 11:55 AM (in response to pmm)
Made a new discussion with the issue "Unicode normalization in SASL client breaks non-ASCII passwords".