FortiGate
rmetzger
Staff
Article Id 195616

Description

This article describes how to resolve authentication failures that occur when users are authenticated via LDAP and their passwords contain special characters.

Context: Firewall authentication is used to allow access to the Internet and users are authenticated via LDAP.

Authentication may fail when special characters (é, à, è, ...) are used in the password.

The root cause is that the FortiOS authentication daemon (used for LDAP) retrieves the password from the browser request and inserts it in the LDAP query without modification. Consequently, the encoding of the page is important.

Active Directory expects Unicode encoding.

The customer's browsers are likely to be configured with ISO encoding, which causes the issue.
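
The mismatch described above can be reproduced at the byte level. The following is an added example, not Fortinet code: the function names are hypothetical, the passwords are constructed samples, and the directory check is simplified (as an assumption) to a byte comparison against the UTF-8 form of the password.

```python
# Added illustration (not Fortinet code): models the byte-level mismatch only.
from urllib.parse import quote_from_bytes, unquote_to_bytes


def browser_submit(password: str, page_charset: str) -> str:
    """Percent-encode a form field the way a browser does for a page in page_charset."""
    return quote_from_bytes(password.encode(page_charset))


def passthrough_bind_value(form_value: str) -> bytes:
    """Model of the behaviour described above: URL-decode, then forward the bytes unmodified."""
    return unquote_to_bytes(form_value)


def directory_accepts(bind_bytes: bytes, real_password: str) -> bool:
    """Assumed directory-side check: the credential must be the UTF-8 form of the password."""
    return bind_bytes == real_password.encode("utf-8")


def login_succeeds(password: str, page_charset: str) -> bool:
    """Run one login attempt end to end: browser, pass-through daemon, directory."""
    submitted = browser_submit(password, page_charset)
    return directory_accepts(passthrough_bind_value(submitted), password)


def affected(password: str) -> bool:
    """Only non-ASCII characters encode differently in ISO-8859-1 and UTF-8."""
    return not password.isascii()


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("Winter2024", "été-à-Genève"):
        for charset in ("iso-8859-1", "utf-8"):
            print(f"{pw!r:16} {charset:10} wire={browser_submit(pw, charset):32} "
                  f"ok={login_succeeds(pw, charset)} affected={affected(pw)}")
```

An ASCII-only password succeeds under either page encoding, which is why the failure shows up only for users whose passwords contain accented characters.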


Solution

Solution in v4.0

A new parameter that forces UTF-8 encoding for the login page has been introduced in v4.0.
UTF-8 will be used regardless of the language setting of the replacement message.

Enable the parameter as follows:

config vpn ssl settings
    set force-utf8-login enable
end


Solution in v3.0

The solution is to force Unicode encoding. This can be done on the browser itself as a default setting. However, the best approach is to insert this HTML meta tag in the login page:
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...
</head>

Inserting this tag in the login page ('replacement messages') fixes the issue.
This applies to:

SSL VPN: replacement for the SSL VPN login message

and also

Authentication: replacement for the authentication pages.

 
