[CWD-4356] Special Characters in application password will break SSO authentication

Type: Bug
Resolution: Not a bug
Priority: Low
Fix Version/s: None
Affects Version/s: 2.8
Component/s: None
Labels:
None

Bug Fix Policy:
View Atlassian Server bug fix policy

When an application is configured in Crowd with SSO with a password that includes special characters such as \, the application authentication will fail. So far I've tested and confirmed that the characters !@#$%&*() do not seem to break the application authentication, however, using them may result in the behavior described in https://jira.atlassian.com/browse/CWD-4243

The Crowd logs contain the following during the failed authentication:

2015-05-12 12:57:42,956 http-bio-8095-exec-25 INFO [plugin.rest.filter.BasicApplicationAuthenticationFilter] Invalid authentication for application with name 'jira641'

Steps to Reproduce:

Setup Crowd with SSO enabled
Setup JIRA to use Crowd (with SSO enabled). Use an application password like pass\word
Attempt to log into JIRA and observe login failure

is related to

CWD-4243 special characters (@, $, & etc) in the application password causes the client application to not provide admin rights when using SSO

Closed

mentioned in: Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.

Form Name

Renata Dornelas made changes - 31/Jan/2025 5:11 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 103980 ]

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1510246 ]	New: JAC Bug Workflow v3 [ 3365942 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Deleted Account (Inactive) added a comment - 18/Feb/2019 6:09 PM

I can verify that $ is a legal character and does not need to be escaped for Crowd to accept it.

Deleted Account (Inactive) added a comment - 18/Feb/2019 6:09 PM I can verify that $ is a legal character and does not need to be escaped for Crowd to accept it.

Owen made changes - 07/Jul/2016 6:19 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1393284 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1510246 ]

James Richards made changes - 28/Jun/2016 6:24 AM

Comment

[ A comment with security level 'atlassian-staff' was removed. ]

Owen made changes - 12/May/2016 2:52 AM

Workflow

Original: Crowd Development Workflow v2 [ 863828 ]

New: Simplified Crowd Development Workflow v2 [ 1393284 ]

Joe Clark made changes - 19/Feb/2016 4:43 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 103980 ]

New: This issue links to "Page (Atlassian Documentation)" [ 103980 ]

Tony Starr made changes - 08/Oct/2015 3:11 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 120841 ]

New: This issue links to "Page (Atlassian Documentation)" [ 120841 ]

Tony Starr made changes - 08/Oct/2015 3:11 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 103980 ]

New: This issue links to "Page (Atlassian Documentation)" [ 103980 ]

Tony Starr made changes - 08/Oct/2015 3:11 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 120095 ]

New: This issue links to "Page (Atlassian Documentation)" [ 120095 ]

Assignee:: Unassigned

Reporter:: David Di Blasio

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 12/May/2015 6:26 PM

Updated:: 31/Jan/2025 5:11 PM

Resolved:: 13/May/2015 7:45 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Deleted Account (Inactive) added a comment - 18/Feb/2019 6:09 PM

Expand comment: Deleted Account (Inactive) added a comment - 18/Feb/2019 6:09 PM

People

Dates