Apologies, I meant to put the following details into the post. Version: 2.2.17 Running on Windows 2008 R2 SP1
Cheers, Andi -----Original Message----- From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk] Sent: 24 June 2014 14:20 To: 'users@httpd.apache.org' Subject: [users@httpd] Pound symbol encoding issue? Hi, We are having some authentication issues with Apache if a user has a £ symbol as part of their password. The error_log shows: (OS 1326)Logon failure: unknown user name or bad password When the same user removes the pound symbol from the password they are authenticated with no issues. The setup is: TMG publishes our Shibboleth server externally and present the user with a form for Forms Based Authentication. Shibboleth uses an Apache virtual server called Remote User to handle the authentication. The problem only occurs when the users login from outside our network, via TMG and the Apache Remote User vhost. The same TMG form is used to publish our sharepoint and other internal resources, and the issue does not occur there when using the same test user. The parts of the config that I can see that are relevant are: <Location /idp/Authn/RemoteUser> AuthName "Identity Provider" AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic On SSPIOmitDomain On SSPIPerRequestAuth On SSPIUsernameCase lower require valid-user </Location> I've read around about forcing the basic authentication using: SSPIBasicPreferred On So I'm going to give that a try overnight (I can only restart the apache service out of hours frustratingly). I'm happy to post up any obfuscated config files that might be required to help resolve this. I'm pretty new to Apache but willing to provide whatever is required. Does anyone have any suggestions for why the apache server doesn't seem to like the pound symbol? Cheers, Andi --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
