Usernames with special characters may be double encoded behind an Apache Proxy with a RewriteRule

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When working with user names that contain special characters, (such as "@" and "#") you may receive the following message:

User <test%45test.com> does not exist

Cause

Crowd is behind a reverse proxy, and a RewriteRule exists to alter the URL (perhaps to go from http to https) in some form:

RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

The special characters are being encoded, and being double encoded again by the reverse proxy.

Resolution

Add the NoEncode to the RewriteRule, to ensure that the Rewrite is not being double encoded. The above rule would become:

RewriteRule ^/?(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,NE,L]

Last modified on Jan 31, 2025

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.