IBM Support

PK23706; 6.0.2.9: unable to authenticate user IDs or passwords containing double

Download


Abstract

Basic authentication fails to authenticate a user whose user ID or password contains non-US-ASCII characters.

Download Description

PK23706 resolves the following problem.

ERROR DESCRIPTION:
IBM® WebSphere® Application Server cannot authenticate user IDs or passwords containing characters other than ISO-8859-1 characters. With Basic Authentication, it cannot authenticate user IDs or passwords containing upper-bit ASCII characters or double-byte characters.

Proposed Solution:
Expose a custom property to set the character encoder. For example, create one custom property named:
com.ibm.websphere.security.BasicAuthEncoding.

An acceptable value is a supported encoder name such as UTF-8 or Cp1252. To change the character encoding for the BasicAuth header, add this property to the Custom Properties of the Java Virtual Machine. Refer to the Additional Information section in the readme.txt file (see link below).

This value is read when the WebAuthenticator class is instantiated, and is used when creating a user ID and password from the Base64-encoded BasicAuth header. If a user specifies an invalid encoder name, the code writes an exception to FFDC and uses the default encoder, which is Cp1252 (the same as ISO-8859-1).
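The decoding behaviour described above, as an added example (not WebSphere's own code): a header built by a UTF-8 client is decoded with the default encoder, with the property set to UTF-8, and with an invalid encoder name. The class name, the `decode` and `matches` helpers, the sample credentials, and reading the property through `System.getProperty` are assumptions made for the demonstration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthEncodingDemo {
    static final String PROP = "com.ibm.websphere.security.BasicAuthEncoding"; // name from the APAR
    static final String DEFAULT_ENCODING = "Cp1252";                           // default from the APAR

    // Resolve the configured encoder name; an invalid name falls back to the default.
    static Charset resolveCharset() {
        String name = System.getProperty(PROP, DEFAULT_ENCODING);
        try {
            return Charset.forName(name);
        } catch (IllegalArgumentException e) { // illegal or unsupported charset name
            // Stand-in for the FFDC entry the APAR mentions.
            System.err.println("invalid encoder '" + name + "', using " + DEFAULT_ENCODING);
            return Charset.forName(DEFAULT_ENCODING);
        }
    }

    // Hypothetical helper: turn "Basic <base64>" into {userId, password} with the given charset.
    static String[] decode(String header, Charset cs) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6))
            throw new IllegalArgumentException("not a Basic Authorization header");
        byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
        String creds = new String(raw, cs);   // the charset decides what the bytes mean
        int colon = creds.indexOf(':');       // the first colon separates ID from password
        if (colon < 0) throw new IllegalArgumentException("missing ':' separator");
        return new String[] { creds.substring(0, colon), creds.substring(colon + 1) };
    }

    static boolean matches(String[] decoded, String user, String password) {
        return decoded[0].equals(user) && decoded[1].equals(password);
    }

    public static void main(String[] args) {
        // Constructed sample: double-byte user ID and accented password, sent by a UTF-8 client.
        String user = "\u30e6\u30fc\u30b6\u30fc", password = "p\u00e4ssw\u00f6rd";
        String header = "Basic " + Base64.getEncoder()
                .encodeToString((user + ":" + password).getBytes(StandardCharsets.UTF_8));

        // Property unset: the bytes are read as Cp1252 and no longer equal the stored credentials.
        System.out.println("default matches: " + matches(decode(header, resolveCharset()), user, password));
        System.setProperty(PROP, "UTF-8");
        System.out.println("UTF-8 matches:   " + matches(decode(header, resolveCharset()), user, password));
        System.setProperty(PROP, "no-such-encoder");
        System.out.println("invalid name resolves to: " + resolveCharset());
    }
}
```

The property only changes how the server interprets the bytes, so the configured value has to match the encoding the clients actually use when they build the header.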

LOCAL FIX
None.

PROBLEM SUMMARY

USERS AFFECTED:
Tivoli Device Manager Server users on WebSphere Application Server version 6.02 who are using non-US ASCII characters for the user ID or password.

PROBLEM DESCRIPTION:
Basic authentication fails to authenticate a user whose user ID or password contains non-US ASCII characters.

RECOMMENDATION:
None.

WebSphere Application Server used to use the JRE default character set to decode byte arrays for the Basic Authentication header. The default character set is determined by the system locale and encoding. For example, if WebSphere Application Server is running on an English Microsoft Windows system, Cp1252 is the default character set.

This could affect Tivoli Device Manager Server clients using UTF-8 character sets to log in to the system using Basic Authentication. The character set of WebSphere Application Server is usually Cp1252 or equivalent 8-bit character sets. If the user ID or password contains characters other than Cp1252 or equivalent 8-bit character sets, the client fails to authenticate.

PROBLEM CONCLUSION:
Expose a property to change the character sets of Basic Authentication.

The fix for this APAR is currently targeted for inclusion in fixpack 6.0.2.11. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

UpdateInstaller (US English, AIX, size 7250000): http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme (US English, size 7416): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK23706/readme.txt

6.0.2.9-WS-WAS-IFPK23706 (04-28-2006, US English, AIX, size 18261): ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK23706/6.0.2.9-WS-WAS-IFPK23706.pak

Technical Support

Contact IBM Support using ESR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).


Document Information

Modified date:
15 June 2018

UID

swg24012189