  1. camunda BPM
  2. CAM-3755

LDAP Authentication fails if password has special (accented) characters

    • Bug Report
    • Resolution: Won't Fix
    • L2 - Critical
    • None
    • 7.2.0
    • admin, tasklist
    • Server: Linux Centos, Tomcat 7, Camunda Standalone Webapp (war)
      LDAP Server: Microsoft Active Directory
      Browser: Google Chrome (on Windows Server 64 bit)

      The plugin for ldap authentication is enabled, one user has a password with accented characters ("à"). Login fails (the error message is "wrong credentials").
      Login works for other users.

      In log file there is the following exception:

      apr 14, 2015 4:41:46 PM org.camunda.bpm.engine.rest.exception.ProcessEngineExceptionHandler toResponse
      AVVERTENZA: org.camunda.bpm.engine.impl.identity.IdentityProviderException: Could not connect to LDAP server
      at org.camunda.bpm.identity.impl.ldap.LdapIdentityProviderSession.openContext(LdapIdentityProviderSession.java:117)
      at org.camunda.bpm.identity.impl.ldap.LdapIdentityProviderSession.checkPassword(LdapIdentityProviderSession.java:284)
      at org.camunda.bpm.engine.impl.cmd.CheckPassword.execute(CheckPassword.java:37)
      at org.camunda.bpm.engine.impl.cmd.CheckPassword.execute(CheckPassword.java:24)
      at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:24)
      at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:97)
      at org.camunda.bpm.engine.spring.SpringTransactionInterceptor$1.doInTransaction(SpringTransactionInterceptor.java:42)
      at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130)
      at org.camunda.bpm.engine.spring.SpringTransactionInterceptor.execute(SpringTransactionInterceptor.java:40)
      at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:32)
      at org.camunda.bpm.engine.impl.IdentityServiceImpl.checkPassword(IdentityServiceImpl.java:99)
      at org.camunda.bpm.webapp.impl.security.auth.UserAuthenticationResource.doLogin(UserAuthenticationResource.java:93)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


            Daniel Meyer added a comment -

            Thanks for reporting this bug.


            Giorgio added a comment - - edited

            Thanks to you! I noticed that the bug is correlated to Microsoft Active Directory. If I connect to Open Ldap the authentication is ok also with accented characters.


            Daniel Meyer added a comment -

            Thanks for that information. We hope we can look at the issue after the next minor release (7.3)

            Let us know if you need assistance with a pull request in case you want to look into it yourself.


            Stefan added a comment -

            Hi gio.chiriaco,

            I have a guess what the problem is. I guess that the credentials would need to be encoded in UTF-8.
            Would it be possible that you test this suggestion by encoding the inputs in UTF-8?

            Cheers,

            Stefan


            Giorgio added a comment -

            Hi Stefan,
            I added the "org.springframework.web.filter.CharacterEncodingFilter" in web.xml of the camunda web app and "URIEncoding='UTF-8'" to connector configuration in Tomcat.
            The same configuration with Open Ldap works, so I think that the problem is related to Active Directory.

            Cheers,
            Giorgio


            Stefan added a comment - - edited

            Hi Giorgio,

            as you have stated, the problem lies within the Microsoft AD and the question is if there is something we need to change in the platform to get it working if the problem is not on our side.

            There are also other people with the same problem:

            http://forums.juniper.net/t5/SSL-VPN/Issues-with-surnames-passwords-containing-accents/td-p/36715

            Their idea was to tcpdump the connection and check which encoding the AD wants to be authenticated with.

            e.g: you could test Windows-1252 instead of UTF-8

            Cheers,

            Stefan
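
Added example, not part of the ticket or of Camunda's code: the tcpdump check suggested in the comment above comes down to reading the password octets out of the LDAP simple BindRequest and seeing how the client encoded them. The Python sketch below does that for a payload taken from an unencrypted test connection; the DN and password are constructed sample values.

```python
# Added example: constructed DN and password, not values from the ticket.

def _tlv(tag, value):
    """BER-encode one element (short- or long-form length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def build_simple_bind(dn, password_bytes, msg_id=1):
    """LDAPMessage{messageID, BindRequest{version 3, name, simple [0]}}."""
    bind = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode("utf-8")) + _tlv(0x80, password_bytes)
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))

def _read(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(payload):
    """Extract (bind DN, raw password octets) from a captured BindRequest."""
    tag, msg, _ = _read(payload, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, p = _read(msg, 0)                 # skip messageID
    tag, bind, _ = _read(msg, p)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, p = _read(bind, 0)                # skip version
    _, name, p = _read(bind, p)
    tag, pw, _ = _read(bind, p)
    if tag != 0x80:
        raise ValueError("not simple authentication")
    return name.decode("utf-8"), pw

def classify_password_octets(raw):
    """Say how the client encoded the password it sent."""
    if raw.isascii():
        return "ascii"          # same bytes in UTF-8, Windows-1252, Latin-1
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "legacy-8bit"    # e.g. Windows-1252 or ISO-8859-1

DN = "CN=Test User,OU=Lab,DC=example,DC=test"   # constructed
PASSWORD = "Segret\u00e01"                        # constructed, contains "à"
```

For "à" a UTF-8 client sends the bytes `c3 a0` and a Windows-1252 client sends `e0`, so comparing the octets Camunda sends with those of a client that logs in successfully shows which encoding the directory accepted. A legacy-encoded string can occasionally also be valid UTF-8, so the classification is a hint rather than proof.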


            Thorben Lindhauer added a comment -

            We are closing this ticket as part of our backlog grooming. Reasons:

            • We did not receive sufficient evidence that this ticket is important

              stefan.hentschel Stefan
              gio.chiriaco Giorgio