Error : Password with currency symbols £ or € not working in APS
search cancel

Error : Password with currency symbols £ or € not working in APS


Article ID: 138829


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



When a given user tries to change his/her password with combination of
special currency symbols, the new password is not working. However using
$ sign in password is working fine.

Otherwise Advanced Password Services (APS) works fine upon other

To illustrate :

  - Character "£", when user tries to change password with the Pound
    Sign, password change request is successfully
    submitted, the form and page shows password is changed, but when
    user tries to access the application with the new password, it's
    stating the wrong password used.

LDAP record can see new password was successful saved, but customer
can not login with new password :

  changetype: modify
  replace: userPassword
  userPassword: {SSHA512}yX9op+3G8Skr6rhve03HdbJpocwr8.....
  replace: pwdChangedTime
  pwdChangedTime: 20190724091919.112Z
  replace: smapsLastPasswordChange
  smapsLastPasswordChange: 20190724091920Z APS Interface




Web Agent 12.52SP1CR09 on Apache 2.4.48 on RedHat 6




Advanced Password Services (APS) documentation did not specifically
mention if these symbols are allowed or not in password content.

There are several components (Browser, Web Server, Tomcat Application
Server and Advanced Password Services APS code itself) in the flow
that could impact if UTF-8 character is accepted or not.

It is also worth mentioning that neither character (with £ or € in
password) can be directly entered from English keyboard, but $ sign

  | Character | Windows-1252 | UTF-8  |
  | £         | %A3          | %C2%A3 |
  | Â         | %C2          | %C3%82 |

Assume this is password: pass123£, in UTF-8 encoding, it will be

However if this same string is interpreted by "Windows-1252"
single-byte character encoding, it will become pass123£, which is not
intended true password value.

During debugging, Advanced Password Services (APS) adds or misinterprets
character before £ symbol before saving password data into LDAP, which
is NOT suppose to.

Enable Advanced Password Services (APS) debug by turning on debug flag within APS.war file. APS.war file may have
to be redeployed after the change.

  # LOG4J configuration

  log4j.rootLogger=DEBUG, Appender1,Appender2
  log4j.appender.Appender1.layout.ConversionPattern=%-7p %d [%t] %c %x - %m%n
  log4j.appender.Appender2.layout.ConversionPattern=%-7p %d [%t] %c %x - %m%n




- Upgrade the Web Agent to 12.52SP1CR11 to fix this issue with
  password change in Advanced Password Services (APS) (1).


Additional Information



    Defects Fixed in 12.52 SP1 CR11

      20019520 DE423937 The user password change fails if the password
      contains any currency symbols such as £ or €.