4 Replies Latest reply: Jul 21, 2009 8:27 AM by 843810 RSS

    GSSName  is corrupted for non ascii chars

    843810
      Hi,

      I have a setup where a web application is deployed to use SPNEGO for user authentication ( using kerberos V ) and authorization.

      We have several users with non english characters in the user ID and even though kerberos authentication succeeds for such users ( KDC / Active Directory is returning valid kerberos ticket which the client embeds in the SPNEGO token). Hoowever, on passing the SPNEGO token to GSS API and extracting the user name from GSS API returns incorrect user name. All non ascii characters in the user name are replaced with some junk byte sequences.


      We use JGSS API (with JRE 1.4.08) for extracting the SPNEGO token and create a GSS secruity context object. Later, the GSS Name is extracted from the GSS context object.

      Currently I am tesitng the SPNEGo authentication for a user with user ID 123<sp char> . The <sp char> 's unicode value is FE and UTF-8 encoded byte sequence is C3 BE. However, if I invoke 'export' method of the GSSName object and examine the returned byte sequence, instead of C3 BE, the byte sequence EF BF BD EF BF BD is present. The byte sequence for other english characters are proper.

      Is this a defect in GSS-API ? Or am I not using GSS properly?

      Do I need to have any special setup / configuration for using JGSS with kerberos V for users with non ascii characters in the user ID?

      Please advise.

      Regards,
      Jayaram.

      Message was edited by:
      s_jayaram_s