We have configured search guard with AD authentication. It works, but for users with colon symbol auth doesn’t work with the following WARN:
[WARN ][com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator] Invalid ‘Authorization’ header, send 401 and ‘WWW-Authenticate Basic’
The problem is in this part of https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/authentication/http/basic/HTTPBasicAuthenticator.java:
if (decodedBasicHeaderParts.length != 2 || decodedBasicHeaderParts[1] == null)
``
When password contains colon (“:”), decoded phrase include more than 2 parts and auth attempt throws an exception.