SiteMinder Webagent: Autocomplete: Remediation for FCC Login pages


Article ID: 10725

Updated On:

Products

CA Single Sign-On

Issue/Introduction

How to configure CA SSO forms to disable Autocomplete of the input fields?

Most recent browsers have features that save form field content entered by users and then automatically complete the form the next time the fields are encountered. This feature is enabled by default and could leak sensitive information, since the saved content is stored on the user's hard drive. The risk is greatly increased if users access the application from a shared environment. Recommendations include setting autocomplete to "off" on all your forms.

Environment

Web Agent : 12.52 SP1 CR* & 12.8
 
Not applicable to Access Gateway

Resolution

To mitigate this vulnerability, you will need to use Secure HTML Forms.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/configuring/policy-server-configuration/authentication-schemes/configure-html-forms-authentication.html

Use Secure HTML Forms Authentication Templates 
The Secure HTML forms authentication templates differ from the standard versions in the following ways:

  • Secure versions do not display the username in returned messages
  • Secure versions include a Logout hyperlink in the top-right corner of the form template, which logs out the user and redirects them to the custom logoff page
  • Autocomplete is turned off for all text fields in secure versions

Default secure template files which you can customize are located in the following directories:

  • Windows: webagent\secureforms
  • UNIX: webagent/secureforms

To use the secure versions of the HTML forms authentication templates, copy the files from the secureforms directory to the following location, replacing the standard versions there:

  • Windows: webagent\samples\forms
  • UNIX: webagent/samples/forms

A set of secure forms for the US English (en-US) locale is also available in the following directories:

  • Windows: webagent\secureforms_en-US
  • UNIX: webagent/secureforms_en-US

To use the secure versions of the US English locale forms, copy the files from the secureforms_en-US directory to the following location, replacing the standard versions there:

  • Windows: webagent\samples\forms_en-US
  • UNIX: webagent/samples/forms_en-US
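
After copying the secure templates into place, the deployed forms can be checked for text or password fields that are still not covered by autocomplete="off". The script below is an added example, not part of the product or of the original article. It assumes the templates use the .fcc extension, the helper names are hypothetical, and the sample markup is constructed for illustration.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path

CHECKED_TYPES = {"text", "password"}  # field types a browser may remember

class AutocompleteAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_off = False  # does the enclosing <form> set autocomplete="off"?
        self.findings = []     # (line number, field name) of exposed inputs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # tag and attribute names arrive lower-cased
        if tag == "form":
            self.form_off = (a.get("autocomplete") or "").lower() == "off"
        elif tag == "input" and (a.get("type") or "text").lower() in CHECKED_TYPES:
            # A field-level attribute overrides the value set on the form.
            off = ((a["autocomplete"] or "").lower() == "off"
                   if "autocomplete" in a else self.form_off)
            if not off:
                self.findings.append((self.getpos()[0], a.get("name") or "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit_html(text):
    parser = AutocompleteAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

def audit_dir(forms_dir, pattern="*.fcc"):  # extension is an assumption
    audits = ((p.name, audit_html(p.read_text(errors="replace")))
              for p in sorted(Path(forms_dir).glob(pattern)))
    return {name: found for name, found in audits if found}

# Constructed sample markup, not copied from the shipped templates.
STANDARD_SAMPLE = """<form name="Login" method="POST">
<input type="text" name="USER">
<input type="password" name="PASSWORD">
<input type="hidden" name="target" value="">
</form>"""
SECURE_SAMPLE = STANDARD_SAMPLE.replace('<form ', '<form autocomplete="off" ')

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "webagent/samples/forms"
    for name, found in audit_dir(target).items():
        print(name, found)
```

Run it against webagent/samples/forms and webagent/samples/forms_en-US; an empty result means every text and password field is covered. The audit checks only the markup: many current browsers' password managers still offer to save credentials on login forms regardless of this attribute.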