APM WebSSO NTLM not supporting unicode characters in passwords

Question

Hello,&nbsp;
Has anyone found a way around the issue that a password containing unicode characters (a-umlaut, u-umlaut, etc.) is garbled and thus rejected when using NTLM WebSSO authentication in APM by back end Windows servers?&nbsp;
Front end authentication with a VPE containing AD Query and AD Auth work fine, just the backed SSO is broken with NTLM.&nbsp;
There is an RFE for it, 398134 but I can only assume that not many non-US users have not had many issues with it as it has not been fixed and is "merely" a request for enhancement ...&nbsp;
All of our users have either a German, French or Italian keyboard thus it is quite normal to have an ü, ö or ä in there passwords. This is causing our help desk serious headaches resetting their passwords.&nbsp;
thanks.&nbsp;

stefan_klotz · Answer

Hi there,&nbsp;
this topic is quite some days old, but seems to match my issue as well. So I assume it might be the same root cause.&nbsp;
I'm also using a APM policy with SSO, but "only" with HTTP basic. A users password contains the character "§" and the F5 parses this incorrectly to the backend server (resulting in a 401). I sniffered the traffic both with SSO enabled and without.&nbsp;
Without SSO this character will be displayed as "\247" in Wireshark.&nbsp;
With SSO this character will be displayed as "\302\247" in Wireshark.&nbsp;
Any idea how this can be fixed within APM?&nbsp;
Thank you!&nbsp;
Ciao Stefan :)&nbsp;

rene_c_ · Answer

So, now i have a similar issue. I am parsing the Basic Auth Header from the Request inside an iRule and set it into a session variable for APM -&gt; special characters are now garbage.&nbsp;
Would also like to see a solution to this.&nbsp;
Cheers,
Rene&nbsp;

hank_moody_3649 · Answer

same problem here. could u find a solution?&nbsp;

boneyard · Answer

i would advise you to open a support ticket for this and please report back on the response and possible bug ID.&nbsp;

Forum Discussion

APM WebSSO NTLM not supporting unicode characters in passwords

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Automate scp transfers using password

Password Safety & Security: Passwords vs. Passphrases

Support and Help for DevCentral and Offline Contact

Securing Applications using mTLS Supported by F5 Distributed Cloud

Ansible module to update BIG-IP root/admin passwords