Bug 1270708 - [GSS](6.4.z) authentication fails with password containing umlauts
[GSS](6.4.z) authentication fails with password containing umlauts
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security (Show other bugs)
Unspecified Unspecified
high Severity unspecified
: CR1
: EAP 6.4.10
Assigned To: Bartek Spyrko-Smietanko
Josef Cacek
: Security
Depends On: 1312064 1312069
Blocks: eap6410-payload
  Show dependency treegraph
Reported: 2015-10-12 04:34 EDT by Fedor Gavrilov
Modified: 2017-01-17 08:03 EST (History)
14 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker UNDERTOW-595 Major Resolved Basic authentication with credentials containing umlauts doesn't work on some browsers 2017-08-04 07:48 EDT

  None (edit)
Description Fedor Gavrilov 2015-10-12 04:34:15 EDT
Description of problem:
Authentication using JBoss CLI and management web console works differently, prohibiting authentication with correct password on several occasions if password contains characters such as umlauts (ü). Also, case was reported when LDAP authentication was failing for such passwords as well.

Version-Release number of selected component (if applicable):
JBoss EAP 6.4 with patch 2 applied

Steps to Reproduce:
1. Using add-user.sh script, register a new management user with password like 'test123!ü'. Other details of user creation shouldn't matter.
2. Try connecting with this user using JBoss CLI. Try logging with this user using web management console.

Actual results:
On some systems, CLI authentication fails while web auth is working. On others, vice versa. Issue was seen on Fedora 20 and Ubuntu 14.04 with en_US & de_DE UTF-8 locales were. Similar behaviour was also reported on Windows 7 and Windows 2012 R2.

Expected results:
All authentication attempts successful, just as with passwords containing no umlauts.
Comment 10 JBoss JIRA Server 2016-01-31 16:22:29 EST
Stuart Douglas <stuart.w.douglas@gmail.com> updated the status of jira UNDERTOW-595 to Resolved
Comment 14 Mike McCune 2016-03-28 18:21:53 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 16 Ivo Hradek 2016-08-29 07:55:50 EDT
Verified with EAP 6.4.10.CP.CR2;
Comment 17 Petr Penicka 2017-01-17 08:03:32 EST
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.
Comment 18 Petr Penicka 2017-01-17 08:03:33 EST
Retroactively bulk-closing issues from released EAP 6.4 cummulative patches.

Note You need to log in before you can comment on or make changes to this bug.