Environment
NetIQ Access Manager 3.2
Novell Access Manager 3.1
Novell Access Manager 3.1
Situation
- NetIQ Access Manager Identity Server has been configured to use an Novell eDirectory userstore
- A protected resource has been configured for HTTP Basic Authentication
- Users including an umlaut character (e.g. "Müller") will fail to authenticate using Mozilla Firefox and Internet Explorer
- Authenticating user with Google Chrome works without any problems
Resolution
Using a LAN trace to capture the basic authentication process shows that the browser client (Mozilla FireFox and Microsoft Internet Explorer) fails on Base64 encoding the "umlaut" characters. The HTTP RFC does not define an option for a web server to define the encoding type used with the "WWW-Authenticate: Basic realm="WallyWorld" header as defined in RFC 2616 / 2617.
- For Mozilla the following bug has been created on this topic:
"https://bugzilla.mozilla.org/show_bug.cgi?id=41489" - A Draft for an RFC has been created at : "http://tools.ietf.org/id/draft-reschke-basicauth-enc-00.html" in order to add an "encoding' auth-param" which would allow to define the expected encoding type in the HTTP 401 WWW-Authenticate: Basic realm="WallyWorld" request