KB Article #172248

Authentication failure when a password contains non ASCII characters.

Problem


The username and password could contain accented characters ñ, á é and í. The password was definitely enetered correctly in the userstore and the client.

Authentication could be via WS-Security username token or http basic mechanism against the credentials from the userstore.
Data tracing shows for WS-Security username authentication filter the wrong password :-

DEBUG   07/Nov/2013:12:02:22.789 [7717]     working out the digest using: nonce:'g/iUm5eztVflmnfKZLrsNg=='created:'2013-11-07T10:07:15Z'password:'Nuñez'
DEBUG   07/Nov/2013:12:02:22.789 [7717]     WsDigestAuthN.createSha1Digest: Starting
DEBUG   07/Nov/2013:12:02:22.789 [7717]     createSha1Digest: Include Nonce in digest
DEBUG   07/Nov/2013:12:02:22.789 [7717]     createSha1Digest: Include Created date in digest
ERROR   07/Nov/2013:12:02:22.789 [7717]     Failed to authenticate user [null]
ERROR   07/Nov/2013:12:02:22.790 [7717]     java exception:
com.vordel.circuit.authn.VordelAuthNException: WS authentication digest failed. Calculated digest does not match provided digest.
    at com.vordel.security.auth.WsAuthN.verifyWSDigest(WsAuthN.java:389)
    at com.vordel.security.auth.WsAuthN.authenticate(WsAuthN.java:86)
    at com.vordel.circuit.authn.WsUsernameTokenProcessor.invoke(WsUsernameTokenProcessor.java:84)
    at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154)
    at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
    at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229)
    at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36)
    at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290)
    at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131)

DEBUG   07/Nov/2013:12:02:22.790 [7717] } = 0, filter ['WS-Security 'Valida UsernameToken Almacen local']

and for the HTTP basic filter

DEBUG   07/Nov/2013:15:45:12.465 [77ce] run filter [HTTP Basic] {
ERROR   07/Nov/2013:15:45:12.465 [77ce]     Failed to authenticate user [null]
ERROR   07/Nov/2013:15:45:12.466 [77ce]     java exception:
com.vordel.circuit.authn.VordelAuthNException: The HTTP authentication method used is OTlHVTM4MTQ6TnU/ZXo= ,while it is configured to use: Basic
    at com.vordel.security.auth.HttpAuthN.checkAuthNMethod(HttpAuthN.java:73)
    at com.vordel.security.auth.HttpBasicAuthN.getUserCredentialsFromRequest(HttpBasicAuthN.java:75)
    at com.vordel.security.auth.HttpBasicAuthN.authenticate(HttpBasicAuthN.java:39)
    at com.vordel.circuit.authn.HttpProcessor.performAuthentication(HttpProcessor.java:61)
    at com.vordel.circuit.authn.HttpBasicProcessor.invoke(HttpBasicProcessor.java:41)
    at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154)
    at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
    at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229)
    at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36)
    at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290)
    at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131)

DEBUG   07/Nov/2013:15:45:12.466 [77ce] } = 0, filter [HTTP Basic]



Resolution

The server is running in an environment that doesn't default to UTF-8 and since Soapbox and Policy Studio are setup with UTF-8 as their default character coding the same should be done for the API Server or Gateway.
(installation root)/conf/jvm.xml should contain the following


<ConfigurationFragment>
 
<VMArg name="-Dfile.encoding=UTF-8" />
  
</ConfigurationFragment>

or drop in the attached jvm.xml

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.