Users are unable to use the OAuth /token service with < and/or > characters in the password

Document ID : KB000092981
Last Modified Date : 02/05/2018
When the OTK /token policy is used with a password grant and validates against an Active Directory identity provider, authentication against that identity provider fails if the password contains the < and/or > characters.
Expected results: Authentication against that identity provider should succeed.
Active Directory LDAP
CA API Gateway 9.2/9.1
The underlying issue was found to be that an external application talking to LDAP was manipulating symbols in the passwords.
In the test lab, the gateway seemed to support passwords containing < or > characters. For example, when authenticating against an LDAP (Active Directory) identity provider with such a password, the validation was successful.
Additional Information:
Steps to reproduce:
Set the following password on an LDAP instance: any password containing < or > characters 
Call the /token endpoint with a password grant, using the above password, and validate against an identity provider for that LDAP instance
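To isolate where a password is being altered, compare the value the client sends with the value that arrives downstream. The following is an added example, not part of the original article or the gateway's code: it form-encodes a password-grant body and classifies a received password against three candidate transformations. The article does not say which manipulation the external application performed, so the three checks are assumptions, and the user name, client ID and password are constructed test values.

```python
import html
from urllib.parse import urlencode, parse_qs, quote


def build_token_body(username, password, client_id):
    """Form-encode a password-grant body; '<' and '>' become %3C and %3E."""
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,  # hypothetical client identifier
    })


def received_password(body):
    """Decode the body the way a server-side form parser would (one decode)."""
    return parse_qs(body, keep_blank_values=True)["password"][0]


def classify_mangling(original, received):
    """Name the transformation, if any, applied to the password in transit.

    The candidate transformations are assumptions for diagnosis; the article
    only states that an external application manipulated symbols.
    """
    if received == original:
        return "intact"
    if received == html.escape(original, quote=False):
        return "html-escaped"          # '<' arrived as '&lt;'
    if received == quote(original, safe=""):
        return "double-url-encoded"    # '%3C' survived the single decode
    if received == original.replace("<", "").replace(">", ""):
        return "brackets-stripped"     # '<' and '>' removed by a filter
    return "unknown"


if __name__ == "__main__":
    test_pw = "Te<st>Pw1"  # constructed throwaway password, never a real one
    body = build_token_body("alice", test_pw, "demo-client")
    print(body)
    print(classify_mangling(test_pw, received_password(body)))
    # What an intermediary that HTML-escapes input would hand to LDAP:
    print(classify_mangling(test_pw, html.escape(test_pw, quote=False)))
```

Run it with a throwaway test account only, and feed `classify_mangling` the value captured at each hop (client, intermediary, gateway) to find the first one where the result stops being `intact`.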