03-11-2010 08:57 AM
Does someone knows how to change the Encoding on SA 4500?
I would like to change it to "western european", some remote users having passwords containing accents are unable to authenticate against Active directory.
03-12-2010 11:05 PM - edited 03-12-2010 11:06 PM
On the IVE, you go to Users>Resource Policies>Web>Encoding and create a policy there for the desired server(s) or all traffic and set the encoding there. This, however, is only used for web-based resources accessed through the IVE content intermediation engine and not auth traffic.
If this is authentication into the IVE, though, the browser settings will/should handle the encoding and not the IVE. The IVE will only pass on what it receives from the browser. If you look at a TCP dump, do you see failures with the accented characters?
03-15-2010 03:39 PM
Our MS IAS (radius) server expect that passwords are encoded with Windows-1252 codepage but the SA send "Content-Type: text/html; charset=utf-8" in the logon page headers. So users with specials character could not logon in our domain. (tcpdump shows that special character are encoded as double byte in utf-8 while Windows-1252 use single byte encoding).
We have then switch to LDAP authentication, it seems to have solved the problem.
03-19-2010 01:03 AM
Thanks for the feedback,
After extra investigations it turns out that our SA4500 sends correctly the password to AD but not to the one time password server ( we use strong authentication AD+one time password).
Password sent to the "one time password" server contains double byte character in the access challenge response message.