Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


Allow HTTP Basic Authentication with Umlauts using UTF-8

Currently Domino HTTP Basic Authentication Passwords need to be encoded in  ISO-8859-1.
Many other systems allow to use UTF.8. The standard is unclear but there is a specification where you can announce which encoding the server expects.

See https://tools.ietf.org/html/rfc7617 for details.

Since 2015 there is RFC 7617, which obsoletes RFC 2617. In contrast to the old RFC, the new RFC explicitly defines the character encoding to be used for username and password.

  • The default encoding is still undefined. Is is only required to be compatible with US-ASCII (meaning it maps ASCII bytes to ASCII bytes, like UTF-8 does).
  • The server can optionally send an additional authentication parameter charset="UTF-8" in its challenge, like this:
    WWW-Authenticate: Basic realm="myChosenRealm", charset="UTF-8"
    This announces that the server will accept non-ASCII characters in username / password, and that it expects them to be encoded in UTF-8 (specifically Normalization Form C). Note that only UTF-8 is allowed.



Support gave me the following, existing enhancement request today.

The business case behind it is that we need authentication with passwords containing umlauts for mobile devices.

Once we have this enhancements, we need the mobile applications also to support UTF-8 in the same way.

 

SPR # DKENAJTT9G :Enhancement: Non-ASCII UTF-8 passwords don't work over basicAuth

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Feb 5 2019
  • Attach files