Forum Discussion
Sharon_Lucas_55
Nimbostratus
Apr 28, 2010Problem authenticating if password contains a @
I'm using the iControl SDK to create a Java application that automates configuring BIG-IP.Wed Apr 28 14:09:13 2010
If my admin password for BIG-IP does not contain a @, authentication to the BIG-IP host via my Java application works fine. However, if my admin password for BIG-IP contains a @ in it, I get an authentication error because it thinks everything after the @ in the password is part of the hostname since it uses the following url to connect to BIG-IP.
https://user:password@hostname:443/iControl/iControlPortal.cgi
So, if my user is admin and my password is pass@word and my hostname is bigip.company.com, the url used is:
https://admin:pass@word@bigip.company.com:443/iControl/iControlPortal.cgi
So, it incorrectly thinks the password is pass and the hostname is word@bigip.company.com (everythin after the first @ within the password)
So, I encoded the @ in the password as %40 (e.g. pass%40word) to make it url safe since a @ is a reserved character and must be encoded according to url rules. However, authentication is still failing.
This problem appears to be like the one reported at http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/51/afv/topic/aft/30461/aff/1/showtab/groupforums/Default.aspx34413 that was never answered.
When the admin password is pass@word and I specify the encoded version of the password (e.g. pass%40word), I get the following error:
C:\F5\iControl-10.1.0\sdk\samples\soap\java\apache\axis\LocalLB>java -cp .;%JAVA_CLASSPATH% F5ProxySetup 9.99.999.999 443 admin pass%40word
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (401)F5 Authorization Required
faultActor:
faultNode:
faultDetail:
{}:return code: 401
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
lang="en">
Authentication required!
Authentication required!
This server could not verify that you are authorized to access
the URL "/iControl/iControlPortal.cgi".
You either supplied the wrong credentials (e.g., bad password), or your
browser doesn't understand how to supply the credentials required.
In case you are allowed to request the document, please
check your user-id and password and try again.
Error 401
{http://xml.apache.org/axis/}HttpErrorCode:401
(401)F5 Authorization Required
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at iControl.LocalLBSNATBindingStub.get_list(LocalLBSNATBindingStub.java:717)
at F5ProxySetup.createSnat(F5ProxySetup.java:70)
at F5ProxySetup.main(F5ProxySetup.java:907)
- Hamish
Cirrocumulus
I'm not sure if this one would ever be fixed... Mainly because the syntax for including the username and password in the URL isn't actually part of the standard. It's an extension that (IIRC) Netscape started way back when. - Sharon_Lucas_55
Nimbostratus
Yes, other reserved characters in the password cause the same problem. - Hamish
Cirrocumulus
Sorry, no... I don't. I use perl for almost all of my iControl work (Where I don't use perl, I use C). - Hamish
Cirrocumulus
I also had a thought... What happens if you escape the @ with a backslash? e.g. pass\@word? - Sharon_Lucas_55
Nimbostratus
Escaping the @ with a backslash results in the same error. - Luke_Lehman
Employee
Posted By Hamish on 04/30/2010 01:13 AM - hoolio
Cirrostratus
For whichever language you're using you should be able to insert an HTTP header in the request. The format should be: - Have you tried the iControl library for Java? I've got a version that will work with JRE 1.5 and 1.6 and uses the lower level binding classes to set the username/password for the connections. There are binary and source can be found in the iControl Assembly for .Net and Java labs project.
- Luke_Lehman
Employee
Aaron,web_ltmview.Url = new Uri("https://" + txt_username.Text + ":" + txt_password.Text + "@" + ltmDerived + ".prci.com/");
string hdr = "Authorization: Basic" + Convert.ToBase64String(Encoding.ASCII.GetBytes(txt_username.Text + ":" + txt_password.Text)) + System.Environment.NewLine; web_ltmview.Navigate("https://" + ltmDerived + ".prci.com/", null, null, hdr);
- Luke, are your authenticated calls iControl method requests? If so, you should use the iControl Assembly instead of hard coding them yourself. If you just want to create an authenticated request to a web page, then your route would likely work.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects