Skip to main content
Skip table of contents

SSO Authentication can fail for users with umlauts or far East characters in their names

Problem

When a user with high-ASCII characters in their login name attempts to log in via Single Sign On they may receive the message that they aren't authorized and they are presented with the login page.

Solution

Add the following startup parameter to your iGrafx Platform's configuration file:

-Dsun.security.krb5.msinterop.kstring=true

Discussion

By definition KerberosString's are supposed to be in the range 0x20-0x7F. MSFT's kerberos implementation breaks this rule and allows Kerberos strings to contain UTF-8 characters for I18n. Java's Kerberos implementation has a Microsoft compatibility mode to extend Java's ability to work with UTF-8. By setting this flag on start-up the Platform is able to authenticate users with high ASCII characters in their login name.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close