[jboss-jira] [JBoss JIRA] (ELY-1761) Unicode normalization in SASL client breaks some non-ASCII passwords

[ https://issues.jboss.org/browse/ELY-1761?page=com.atlassian.jira.plugin.s... ] Farah Juma commented on ELY-1761: --------------------------------- Checked the Plain SASL mechanism [RFC|https://tools.ietf.org/html/rfc4616#section-2], normalization is recommended but not required: {quote} The SASLPrep profile of the StringPrep algorithm is the RECOMMENDED preparation algorithm. The SASLprep preparation algorithm is not mandatory so as to allow the server to employ other preparation algorithms (including none) when appropriate. For instance, use of a different preparation algorithm may be necessary for the server to interoperate with an external system. {quote} Adding a new profile in {{StringPrep}} that skips over {{NORMALIZE_KC}} seems reasonable. A new SASL property could then be used to indicate that this new profile should be used. In particular, this would involve the following steps: # Add a new profile to {{StringPrep}} that is similar to {{PROFILE_SASL_STORED}} but does not include {{NORMALIZE_KC}}. # Add a new property to [WildFlySasl|https://github.com/wildfly-security/wildfly-elytron/blob/mast...] (e.g., something like {{SKIP_NORMALIZATION = "org.wildfly.sasl.skip-normalization"}}) that defaults to {{false}}. # Update [PlainSaslClientFactory#createSaslClient|https://github.com/wildfly-securi...] to check if {{props}} contains the new property and what its value is. Pass this to the [PlainSaslClient|https://github.com/wildfly-security/wildfly-elytron/blob/...] constructor. # Make use of this value in {{PlainSaslClient#evaluateChallenge}} to determine which {{StringPrep}} profile to use. -- This message was sent by Atlassian Jira (v7.12.1#712002)