VIP Enterprise Gateway | Passwords Containing Special Characters Not Accepted By Validation Server

Article ID: 170374

Products

VIP Enterprise Gateway

Issue/Introduction

Users are unable to authenticate via the first factor through the validation server when their LDAP password contains special characters.

The validation server logs indicate that the LDAP password is incorrect.

INFO "2017-10-27 08:22:11.236 GMT-0700" 0.0.0.0 MyVal:1814 0 0 "text=Access Denied 0x006b: Schema validation failed. (Error encountered during schema validation. Invalid element pin, top, or temporaryPassword values.), user=[user1], bizCont=off,reason=34
INFO "2017-10-27 08:22:11.236 GMT-0700" 0.0.0.0 MyVal:1814 0 0 "text=Sending Acces-Reject for user [user1] , reason=3; Incorrect LDAP Password." Thread-3955157872 VSAuthOTPStandardControllerImpl.cpp
AUDIT "2017-10-27 08:22:11.236 GMT-0700" 10.10.100.3 MyVal:1814 0 18870 "text=Access DENIED Incorrect LDAP Password. ,reason=3; Incorrect LDAP Password." Thread-3955157872 VSValidationEngine.c

Cause

By default, validation servers only support UTF-8 characters when configured in ULO mode (username + LDAP password + security code).
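Why the encoding setting matters, as an added Python illustration that is not part of the original article and is not vendor code. It assumes the client sends the password as ISO-8859-1 bytes and models only the server's decode step; the function names and sample passwords are constructed.

```python
# Added illustration (not vendor code): models only the byte-decoding step.
# Assumption: the client sends the password as ISO-8859-1 bytes.

def classify_password(password):
    """'ascii', 'latin1' or 'outside-latin1' for a candidate password."""
    for label, codec in (("ascii", "ascii"), ("latin1", "iso-8859-1")):
        try:
            password.encode(codec)
            return label
        except UnicodeEncodeError:
            continue
    return "outside-latin1"


def server_view(wire_bytes, server_encoding):
    """Decode received bytes as a server configured with server_encoding.

    Returns the string the server would hand to the LDAP check, or None
    when the bytes are not valid in that encoding.
    """
    try:
        return wire_bytes.decode(server_encoding)
    except UnicodeDecodeError:
        return None


def explain(password, client_encoding="iso-8859-1"):
    """Show what each server.encoding value makes of one password."""
    try:
        wire = password.encode(client_encoding)
    except UnicodeEncodeError:
        # The client encoding cannot express this password at all.
        return {"class": classify_password(password), "wire_hex": None,
                "as_utf8": None, "as_latin1": None}
    return {
        "class": classify_password(password),
        "wire_hex": wire.hex(),
        "as_utf8": server_view(wire, "utf-8"),
        "as_latin1": server_view(wire, "iso-8859-1"),
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("Passw0rd!#", "Geh\u00e4use\u00a742", "prix\u20ac99"):
        print(repr(pw), explain(pw))
```

In this model, ASCII punctuation decodes identically under both settings; only bytes above 0x7F change meaning. A client that sends UTF-8 would in turn be misread by a server set to ISO-8859-1, and characters outside ISO-8859-1 cannot be represented in it.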

Resolution

To allow additional special characters to be accepted and read correctly, the encoding on the validation server must be changed to ISO-8859-1.

  1. Connect to the server where the VIP Enterprise Gateway is installed.
  2. Log in to the VIP Enterprise Gateway console and stop the corresponding validation server from the Validation tab by changing the status to Off.
  3. Delete the radserv.conf.working file in the <INSTALL_DIR>\Validation\servers\conf\<server_name>\conf folder.
  4. Open radserv.conf, change server.encoding to ISO-8859-1, and save the file.
  5. Start the validation server in the console by changing the status to On.
  6. Attempt the login to the validation server again.