Download
Abstract
Basic authentication fails to authenticate a user whose user id or password contains non-US-ASCII characters
Download Description
PK23706 resolves the following problem.
ERROR DESCRIPTION:
IBM® WebSphere® Application Server cannot authenticate user IDs or passwords containing characters other than ISO-8859-1 characters. Cannot authenticate user IDs or passwords containing upper bit ASCII characters or double-byte characters using Basic Authentication.
Proposed Solution:
Expose a custom property to set the character encoder. For example, create one custom property named:
com.ibm.websphere.security.BasicAuthEncoding
.
Acceptable value is a supported encoder name such as UTF-8
or Cp1252
. To change the character encoding for BasicAuth header, add this property to the Custom Properties of the Java Virutal Machine. Refer to the Additional Information section in the readme.txt file (see link below).
This value is referenced when the WebAuthenticator class is instantiated, and used when creating a user ID and password from Base64 encoded BasicAuth header. If a user specifies an invalid encoder name, the code writes an exception in ffdc
, and uses the default encoder which is Cp1252
(the same as ISO-8859-1).
LOCAL FIX
None.
PROBLEM SUMMARY
USERS AFFECTED:
Tivoli Device Manager Server users on WebSphere Application Server version 6.02, and who are using non-US ASCII characters for user ID or password.
PROBLEM DESCRIPTION:
Basic authentication fails to authenticate a user whose user ID or password contains non-US ASCII characters.
RECOMMENDATION:
None.
WebSphere Application Server used to use a JRE default character set to decode byte arrays for the Basic Authentication header. The default character set is determined based on the system locale and encoding. For example if WebSphere Application Server is running on an English Microsoft Windows system, Cp1252, is the default character set.
This could affect Tivoli Device Manager Server clients using UTF-8 character sets to log in to the system using Basic Authentication. The character set of WebSphere Application Server is usually Cp1252 or equivalent 8-bit character sets. If the user ID or password contains characters other than Cp1252 or equivalent 8-bit character sets, the client fails to authenticate.
PROBLEM CONCLUSION:
Expose a property to change the character sets of Basic Authentication.
The fix for this APAR is currently targeted for inclusion in fixpack 6.0.2.11. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using ESR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24012189