
AndOs
Jan 28, 2016

Client-initiated form SSO with international characters

Hi!

We are having an issue with client-initiated form SSO that seems to come from the form containing international characters in the form parameters.

In our case Swedish characters åäö in the names of username and password fields.

After logging in at the APM logon page, the SSO POST triggers but the user does not get signed in.

Looking at what gets sent to the server, the username and password fields seem to be inserted twice in the POST to the application.

Expanding the form params in Wireshark shows:

"username field" = "typed in username"
"password field" = f5-sso-token
..other params...
"username field" = "typed in username"
"password field" = "typed in password"

In our case:

pAnvändarnamn = testuser
pLösenord = f5-sso-token
..other params...
pAnvändarnamn = testuser
pLösenord = 123456789

We are running 11.6 HF5.

Worth mentioning perhaps is that we are trying to apply this to a portal application with full patching.

Searching the forum and ask-f5 knowledge base, I found SOL17489: Form-based client-initiated SSO may fail to process strings with special characters

The article does not go into detail about what is considered special characters, but I gave it a try and upgraded to 12.0 HF1.

Unfortunately the issue persisted.

We replicated the behavior with a very simple form that worked right away when having sane username and password parameter names, but stopped working when changed to parameter names as above.

I'm wondering whether I should open a case regarding this as a potential bug, but just wanted to run the issue by here in case anyone has seen this before and might know of a fix.

Thanks

/Andreas

1 Reply

  • Hi Andreas,

    As per the SOL17489 you referred to, it is tracked under bug id 422413. That bug id handled the special characters square bracket and dot in parameter names.

    Example:

    
    Password:  (aa)
    

    Looks like the one you are hitting may be a bug. I suggest opening a support case for this (so that more special characters can be added to that bug id).

    -- Saravanan
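
An added example, not part of the thread and not F5 code: a Python check for a captured POST body like the one in the question. It lists parameters sent more than once, whether any copy still carries the `f5-sso-token` placeholder, and whether the copies' names differ at the byte level. The sample bodies are constructed and assume percent-encoded names; the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import unquote_to_bytes

SSO_PLACEHOLDER = "f5-sso-token"  # placeholder value quoted in the post

def decode_name(raw: bytes) -> str:
    """Decode a parameter name as UTF-8, falling back to Latin-1."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")

def parse_body(body: str):
    """Split a urlencoded body into (raw_name, name, value) triples, in order."""
    fields = []
    for pair in body.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # '+' means space in form encoding; convert it before percent-decoding
        raw = unquote_to_bytes(name.replace("+", " "))
        val = unquote_to_bytes(value.replace("+", " ")).decode("utf-8", "replace")
        fields.append((raw, decode_name(raw), val))
    return fields

def audit(body: str) -> dict:
    """Report parameters that repeat or that still hold the SSO placeholder."""
    groups = defaultdict(list)
    for raw, name, value in parse_body(body):
        groups[name].append((raw, value))
    report = {}
    for name, items in groups.items():
        values = [v for _, v in items]
        if len(items) < 2 and SSO_PLACEHOLDER not in values:
            continue
        report[name] = {
            "count": len(items),
            "values": values,
            # True when the copies of one name were sent as different bytes
            "encodings_differ": len({raw for raw, _ in items}) > 1,
            "placeholder_sent": SSO_PLACEHOLDER in values,
        }
    return report

# Constructed sample modelled on the post; UTF-8 percent-encoding is assumed.
SAMPLE = ("pAnv%C3%A4ndarnamn=testuser&pL%C3%B6senord=f5-sso-token&other=1"
          "&pAnv%C3%A4ndarnamn=testuser&pL%C3%B6senord=123456789")

if __name__ == "__main__":
    for field, info in audit(SAMPLE).items():
        print(field, info)
```

Paste the body from the capture in place of `SAMPLE`; the output is the kind of detail that is useful to attach to a support case.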