Graylog2 / graylog-plugin-auth-sso

SSO support for Graylog through trusted HTTP headers set by load balancers or authentication proxies

Reads non-ascii characters wrong from full name header #20

Closed martinrm77 closed 7 years ago

martinrm77 commented 7 years ago

Problem description

Full name from header corrupts UTF-8 characters. My middle name is René (e with accent aigu), but my user is created as René. My CGI bash scripts that output the headers show the name correctly. I am using the Shibboleth Apache module for external auth, configured to pass headers instead of environment variables. We use Microsoft ADFS 3.0 as SAML2 provider.

Steps to reproduce the problem

  1. Make sure user is deleted from graylog
  2. Log in with External SSO headers
  3. See user list and check the full user name

Environment

kroepke commented 7 years ago

Non-ASCII characters in HTTP headers are usually not supported, which is what happens here. If at all, HTTP headers can be ISO 8859, but UTF-8 isn't even in the spec. Additionally, only 7-bit ASCII can be relied upon.

I'm not sure that Graylog can do anything here, because the problem appears before that. Please check if you can configure your proxy to properly encode the name.

martinrm77 commented 7 years ago

So maybe I can change the issue to: how to pass UTF-8 data to graylog-sso-auth-plugin. There are several possibilities: the HTTP/1.1 RFC should say to use RFC 2047 MIME encoding (=?utf8? stuff, same as for SMTP headers) of header data to pass non-ASCII data. One method used in some applications is to read the HTTP header values with the same charset as the HTTP body, which mostly would be UTF-8. ASCII is a subset of UTF-8, so it wouldn't hurt anyone as I see it.

hc4 commented 7 years ago

RFC 2047 is not supported by browsers actually :) But Graylog could decode the URL-encoded value (it is common practice in such situations)

martinrm77 commented 7 years ago

Ok, url encoding is good. Is this supported now?

Shibboleth SP does support encoding the http header values in URL, so that is a go.
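Added example (not code from the plugin or from any commenter) modelling the two sides of the discussion above: why a raw UTF-8 name in a header read as ISO-8859-1 shows up as mojibake, and how a proxy-side URL encoding plus a strict decode on the plugin side keeps the name intact. The function names and the sample name "Martin René" are assumptions.

```python
"""Models the header-encoding problem in this issue and the URL-encoding workaround.
Constructed example; the proxy and plugin behaviour below is simulated, not Graylog code."""
from typing import Optional
from urllib.parse import quote, unquote


def header_as_seen_by_server(full_name: str) -> str:
    """Proxy writes raw UTF-8 bytes into a header; the HTTP stack reads them
    as ISO-8859-1, the conventional header charset. This is the mojibake path."""
    return full_name.encode("utf-8").decode("iso-8859-1")


def repair_latin1_mojibake(value: str) -> str:
    """Best-effort undo when the Latin-1 text was really UTF-8 bytes.
    Heuristic only: genuine Latin-1 text that is not valid UTF-8 is left alone."""
    try:
        return value.encode("iso-8859-1").decode("utf-8")
    except UnicodeError:
        return value


def encode_for_header(full_name: str) -> str:
    """Proxy side (what Shibboleth SP can do): percent-encode the UTF-8 bytes
    so the header value contains only 7-bit ASCII."""
    return quote(full_name, safe="")


def decode_header_name(raw: str) -> Optional[str]:
    """Plugin side: URL-decode as strict UTF-8 and reject anything that is not
    clean printable text. Returns None for malformed or suspicious values so the
    caller does not create a user from a broken header."""
    try:
        name = unquote(raw, encoding="utf-8", errors="strict")
    except UnicodeDecodeError:
        return None  # e.g. a truncated multi-byte sequence such as "Ren%C3"
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in name):
        return None  # control characters never belong in a display name
    name = name.strip()
    return name or None
```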