Webagent is redirecting to url that is not part of the valid target domain
Article ID: 115119
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We have configured the Siteminder ValidTargetDomain to .abc.com which has to block redirects to other websites other than the .abc.com.
However, we observe that the agent is not blocking the target url which is not part of the configured valid target domain, and the requests are being forwarded to the target url.
We tested by accessing "https://abc.com/login/logoff.fcc?TARGET=https://firewall.com", and observed that the agent redirects me to firewall.com instead of blocking it.
How can we configure Siteminder to reject this request?
However, we observe that the agent is not blocking the target url which is not part of the configured valid target domain, and the requests are being forwarded to the target url.
We tested by accessing "https://abc.com/login/logoff.fcc?TARGET=https://firewall.com", and observed that the agent redirects me to firewall.com instead of blocking it.
How can we configure Siteminder to reject this request?
Environment
Release:
Component: SMAPC
Component: SMAPC
Cause
ignoreext='.class,.fcc,.scc,.sfcc,.ccc,.ntc,.css,.dll,.properties,.unauth'.
Fiddler trace showed that the request was not processed as the webagent was configured to ignore the .fcc extension
Fiddler trace showed that the request was not processed as the webagent was configured to ignore the .fcc extension
Resolution
Remove the .fcc extension from the ignoreext ACO parameter and then restart the webagent
Feedback
Yes
No
Powered by
