Possible issue with UTF8 misconversion (username with umlauts)
Herda, Martin
Martin.Herda at fritz-edv.de
Wed Jul 27 11:29:13 UTC 2022
Hello List!
We've got an issue with umlauts in usernames:
We are using privacyIDEA to enroll 2FA TOTP token to users for securing login process to VMware Horizon View infrastructure. (Homeoffice use)
In backend, privacyIDEA is using freeRadius (in conjunction with rlm_perl) to authenticate users against active directory.
When a user with umlaut is trying to log in, it seems that there is a (double) misconversion happening:
Radius.log:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Debugging config:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Default URL https://localhost/validate/check
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Looking for config for auth-type Perl
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Password encoding guessed: ascii
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Setting client IP to 192.168.0.12.
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Auth-Type: Perl
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: url: https://localhost/validate/check
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: user sent to privacyidea: G%C3%83%C2%B6the
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: realm sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: resolver sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: client sent to privacyidea: 192.168.0.12
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: state sent to privacyidea:
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam client
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam pass
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: urlparam user
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Request timeout: 10
Wed Jul 27 08:31:14 2022 : Info: rlm_perl: Not verifying SSL certificate!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: elapsed time for privacyidea call: 0.549382
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA request failed: 400 BAD REQUEST
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA Result status is false!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: ERR904: The user can not be found in any resolver in this realm!
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: privacyIDEA failed to handle the request
Wed Jul 27 08:31:15 2022 : Info: rlm_perl: return RLM_MODULE_NOTFOUND
Username should be 'Göthe' but somwhere on the way it gets messed up to 'G%C3%83%C2%B6the'
Users without umlauts are working fine. I don't know, in which part exactly the things gets messed up. But I think this issue should lie anywhere between freeRadius and rlm_perl, because the first instance right after the Horizon Server is freeRadius and rlm_perl.
Any ideas how to solve this issue? But removing/replacing umlauts is not an option.
More information about the Freeradius-Users
mailing list