Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-4356

Special Characters in application password will break SSO authentication

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Low
    • Resolution: Not a bug
    • Affects Version/s: 2.8
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      When an application is configured in Crowd with SSO with a password that includes special characters such as \, the application authentication will fail. So far I've tested and confirmed that the characters !@#$%&*() do not seem to break the application authentication, however, using them may result in the behavior described in https://jira.atlassian.com/browse/CWD-4243

      The Crowd logs contain the following during the failed authentication:

      2015-05-12 12:57:42,956 http-bio-8095-exec-25 INFO [plugin.rest.filter.BasicApplicationAuthenticationFilter] Invalid authentication for application with name 'jira641'

      Steps to Reproduce:

      1. Setup Crowd with SSO enabled
      2. Setup JIRA to use Crowd (with SSO enabled). Use an application password like pass\word
      3. Attempt to log into JIRA and observe login failure

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ddiblasio David Di Blasio
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: