diff --git a/swauth/middleware.py b/swauth/middleware.py
index 00465b7..0e01cfb 100644
--- a/swauth/middleware.py
+++ b/swauth/middleware.py
@@ -344,6 +344,13 @@ class Swauth(object):
 
             password = detail['auth'].split(':')[-1]
             msg = base64.urlsafe_b64decode(unquote(token))
+
+            # https://bugs.python.org/issue5285
+            if isinstance(password, unicode):
+                password = password.encode('utf-8')
+            if isinstance(msg, unicode):
+                msg = msg.encode('utf-8')
+
             s = base64.encodestring(hmac.new(password,
                                              msg, sha1).digest()).strip()
             if s != sign:
diff --git a/test/unit/test_middleware.py b/test/unit/test_middleware.py
index 0e10eeb..2da3cbd 100644
--- a/test/unit/test_middleware.py
+++ b/test/unit/test_middleware.py
@@ -3935,6 +3935,20 @@ class TestAuth(unittest.TestCase):
             auth.filter_factory({'default_storage_policy': 'ssd'})(FakeApp())
         self.assertEqual(ath.default_storage_policy, 'ssd')
 
+    def test_s3_creds_unicode(self):
+        self.test_auth.app = FakeApp(iter([
+            ('200 Ok', {},
+             json.dumps({"auth": unicode("plaintext:key)"),
+                         "groups": [{'name': "act:usr"}, {'name': "act"},
+                                    {'name': ".admin"}]})),
+            ('204 Ok', {'X-Container-Meta-Account-Id': 'AUTH_act'}, '')]))
+        env = \
+            {'HTTP_AUTHORIZATION': 'AWS act:user:3yW7oFFWOn+fhHMu7E47RKotL1Q=',
+             'PATH_INFO': '/v1/AUTH_act/c1'}
+        token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
+                'ozNCArMDAwMAovY29udGFpbmVyMw=='
+        self.assertEqual(self.test_auth.get_groups(env, token), None)
+
 
 if __name__ == '__main__':
     unittest.main()