-
Bug
-
Resolution: Not a bug
-
Low
-
None
-
2.8
-
None
-
None
When an application is configured in Crowd with SSO with a password that includes special characters such as \, the application authentication will fail. So far I've tested and confirmed that the characters !@#$%&*() do not seem to break the application authentication, however, using them may result in the behavior described in https://jira.atlassian.com/browse/CWD-4243
The Crowd logs contain the following during the failed authentication:
2015-05-12 12:57:42,956 http-bio-8095-exec-25 INFO [plugin.rest.filter.BasicApplicationAuthenticationFilter] Invalid authentication for application with name 'jira641'
Steps to Reproduce:
- Setup Crowd with SSO enabled
- Setup JIRA to use Crowd (with SSO enabled). Use an application password like pass\word
- Attempt to log into JIRA and observe login failure
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page"){kind=icon}
[CWD-4356] Special Characters in application password will break SSO authentication
The crowd.properties file is a Java properties file (http://docs.oracle.com/javase/7/docs/api/java/util/Properties.html), so backslashes need to be escaped.
That is, for a password of a\b, you would write:
application.password a\\b
That seems to be the issue here, so I'm going to resolve this. Please reopen if that's an incorrect assumption.
I can verify that $ is a legal character and does not need to be escaped for Crowd to accept it.