This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

password with special character !

Posted on 08-05-2020 01:48 PM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

We are using LDAP policy for Microsoft Active Directory authentication. In a password, there is special characters like ! and #. These are working with Layer 7 gateway, but when I am trying through Apigee the authentication is failing.

Is there any option to overcome this issue?

0 8 505
Topic Labels
0 Likes
Reply
8 REPLIES 8

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

You may be running into an escaping issue. Without more details, like how you're passing the username and password, how you configured the LDAP policy, and specifically what you see in a Trace session, we won't be able to help you.

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

passing username and password as basic authentication. The LDAP is configured with the jar option. The trace shows the correct username and password going to LDAP, but failing with a failed error.

Same is working in Layer 7.

0 Likes
Reply

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to
Reply posted on --/--/---- --:-- AM

ok I understand.

And for "regular" passwords that don't have special characters, the Apigee LDAP policy is working as expected. Is that right?

Can you show

  • the LDAP Provider configuration (XML)
  • the LDAP Policy configuration (XML)

Please elide the private details; replace the company domain with example.com, etc.

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Yes, normal credentials are working fine. The provider config is as below. These are default as in the docs

<LdapResource name="ldap1">    <Connection>      <Hosts>      <Host>foo.com</Host>      </Hosts>      <SSLEnabled>false</SSLEnabled>      <Version>3</Version>      <Authentication>simple</Authentication>      <ConnectionProvider>unboundid</ConnectionProvider>      <ServerSetType>round robin</ServerSetType>    </Connection>    <ConnectPool enabled="true">      <Timeout>30000</Timeout>      <Maxsize>50</Maxsize>      <Prefsize>30</Prefsize>      <Initsize></Initsize>      <Protocol></Protocol>    </ConnectPool>    <Admin>      <DN>cn=manager,dc=apigee,dc=com</DN>      <Password>secret</Password>    </Admin>  </LdapResource>

In policy

<Ldap name="4GLdapPolicy">   <LdapResource>ldap1</LdapResource>   <Authentication>       <UserName ref="request.header.username"/>       <Password ref="request.header.password"/>       <Scope>subtree</Scope>       <BaseDN></BaseDN> <!-- default is dc=apigee,dc=com -->    </Authentication> </Ldap>
0 Likes
Reply

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to
Reply posted on --/--/---- --:-- AM

Can you try the jndi connection provider?

Just create a different ldap resource, maybe ldap2, and configure it with: 

<ConnectionProvider>jndi</ConnectionProvider>

...and then update your policy to point to ldap2.

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Yes, I tried this. But jndi option is not working for any credentials. This is the reason Apigee support had suggested us to use unboundid.

Please help with instructions if we can resolve jndi configuration or allow the special characters in unboundid.

Thanks...

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

I did realize ! is not the issue, issue is because of # character in the password.

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

We are able to overcome this situation using javacallout and it worked as expected.

0 Likes
Reply