Basic authentication to backend fails when username or password contains special characters

Article ID: 405245


Products

CA API Gateway

Issue/Introduction

When a consumer calls an API with basic authentication in a Layer7 gateway environment and the username or password contains a special character, basic authentication fails.

In this case the password contains '£' (pound sign). The request is then routed to a Layer7 DMZ gateway, which fails to authenticate the request.

At the DMZ gateway, the authentication header of the incoming message contains a base64-encoded username/password string. Something apparently went wrong when encoding this string: after decoding the received string, the '£' symbol is missing.

Resolution

The problem is not that the '£' (pound sign) is missing, but that the encoding is not UTF-8. If you take the same encoded string and decode it with US-ANSI or ISO-8859-1, it will show the '£' (pound sign).

The API Gateway uses the default ISO-8859-1 encoding for the authorization header, as defined in the RFC. This can cause problems with clients or backends that send the authorization header as a UTF-8 encoded string.

As a workaround when routing to a backend that requires UTF-8, do not create the authorization header in the routing assertion. Instead, set the routing assertion to no authentication, create the encoded string using the encode/decode assertion, and add it to the request header.

Support for UTF-8 in the authorization header is on the feature list for a future release of the gateway.
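The charset mismatch described above can be reproduced and diagnosed outside the gateway. The following Python script is an added example, not code from this article or from the gateway; the function names and the sample credentials are constructed for illustration. It builds the Basic header under each charset, decodes it as each kind of receiver would, and guesses which charset a captured header was encoded with.

```python
import base64

def build_basic_header(username, password, charset):
    """Build a Basic Authorization value, encoding the credentials with `charset`."""
    raw = f"{username}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def _token_bytes(header):
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    return base64.b64decode(token.strip(), validate=True)

def decode_basic_header(header, charset):
    """Decode the header the way a receiver that assumes `charset` would."""
    text = _token_bytes(header).decode(charset, errors="replace")
    username, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password

def guess_sender_charset(header):
    """Heuristic: which charset did the sender most likely use?"""
    raw = _token_bytes(header)
    if all(b < 0x80 for b in raw):
        return "ascii"  # same bytes in both charsets, no mismatch possible
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "iso-8859-1"  # e.g. a lone 0xA3 byte for the pound sign

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the article.
    user, pw = "svc-user", "pa£ss"
    for sender in ("iso-8859-1", "utf-8"):
        header = build_basic_header(user, pw, sender)
        print(f"sender={sender}: {header}")
        print("  sender charset guess:", guess_sender_charset(header))
        for receiver in ("iso-8859-1", "utf-8"):
            print(f"  receiver={receiver}:", decode_basic_header(header, receiver))
```

The charset guess is only a heuristic, because every byte sequence is valid ISO-8859-1; a header that decodes cleanly as UTF-8 is reported as UTF-8.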