diff --git a/vmware_nsxlib/tests/unit/v3/test_cluster.py b/vmware_nsxlib/tests/unit/v3/test_cluster.py
index 110d7bce..f5035d49 100644
--- a/vmware_nsxlib/tests/unit/v3/test_cluster.py
+++ b/vmware_nsxlib/tests/unit/v3/test_cluster.py
@@ -54,11 +54,11 @@ def get_sess_create_resp():
 
 class RequestsHTTPProviderTestCase(unittest.TestCase):
 
-    def test_new_connection(self):
+    def _test_new_connection(self, password, escaped_pw):
         mock_api = mock.Mock()
         mock_api.nsxlib_config = mock.Mock()
         mock_api.nsxlib_config.username = 'nsxuser'
-        mock_api.nsxlib_config.password = 'nsxpassword'
+        mock_api.nsxlib_config.password = password
         mock_api.nsxlib_config.retries = 100
         mock_api.nsxlib_config.insecure = True
         mock_api.nsxlib_config.token_provider = None
@@ -67,18 +67,32 @@ class RequestsHTTPProviderTestCase(unittest.TestCase):
         mock_api.nsxlib_config.conn_idle_timeout = 39
         mock_api.nsxlib_config.client_cert_provider = None
         provider = cluster.NSXRequestsHTTPProvider()
-        with mock.patch.object(cluster.TimeoutSession, 'request',
-                               return_value=get_sess_create_resp()):
+        with mock.patch.object(
+                cluster.TimeoutSession, 'request',
+                return_value=get_sess_create_resp()) as mock_session_create:
             session = provider.new_connection(
                 mock_api, cluster.Provider('9.8.7.6', 'https://9.8.7.6',
-                                           'nsxuser', 'nsxpassword', None))
+                                           'nsxuser', password, None))
 
-            self.assertEqual(('nsxuser', 'nsxpassword'), session.auth)
+            self.assertEqual(('nsxuser', password), session.auth)
             self.assertFalse(session.verify)
             self.assertIsNone(session.cert)
             self.assertEqual(100,
                              session.adapters['https://'].max_retries.total)
             self.assertEqual(99, session.timeout)
+            # inteested in request body only
+            mock_session_create.assert_called_once_with(
+                mock.ANY,
+                'https://9.8.7.6/api/session/create',
+                data='j_username=nsxuser&j_password=%s' % escaped_pw,
+                headers=mock.ANY)
+
+    def test_new_connection(self):
+        self._test_new_connection('nsxpassword', 'nsxpassword')
+
+    def test_new_connection_special_chars(self):
+        self._test_new_connection(
+            'nsxPW0}:#{%=&;!', 'nsxPW0%7D%3A%23%7B%25%3D%26%3B%21')
 
     def test_new_connection_with_client_auth(self):
         mock_api = mock.Mock()
diff --git a/vmware_nsxlib/v3/cluster.py b/vmware_nsxlib/v3/cluster.py
index 5ee29675..0c809ee5 100644
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@@ -292,8 +292,9 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
             # may not be provided.
             # If provided, backend treats these credentials as authentication
             # and ignores client cert as principal identity indication.
-            req_data = 'j_username=%s&j_password=%s' % (provider.username,
-                                                        provider.password)
+            req_data = urlparse.urlencode(
+                {'j_username': provider.username,
+                 'j_password': provider.password})
         # Cannot use the certificate at this stage, because it is used for
         # the certificate generation
         try: