search cancel

SMSESSION value data_suppressed is not reflecting on Auto-Authorize


Article ID: 133618


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER


We're running a Web Agent and this one reports in the logs the SMSESSION value

"SMSESSION=data_supressed" but on the same transaction, on

auto-authorize URL, the SMSESSION is visible in the logs.

We'd like to know why ?

We refer to this given fix in 12.52SP1CR09 :

  Defects Fixed in 12.52 SP1 CR09

    00979227 DE350367

    SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.

Is that a vulnerability ?


Web Agent 12.52SP1CR09


The above fix is not about a vulnerability. It's about Web Agent

logging which produces a crash of the Web Agent on protected