search cancel

SMSESSION value data_suppressed is not reflecting on Auto-Authorize

book

Article ID: 133618

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

We're running a Web Agent and this one reports in the logs the SMSESSION value

"SMSESSION=data_supressed" but on the same transaction, on

auto-authorize URL, the SMSESSION is visible in the logs.

We'd like to know why ?

We refer to this given fix in 12.52SP1CR09 :

  Defects Fixed in 12.52 SP1 CR09

    00979227 DE350367

    SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.

  https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-WebAgent

Is that a vulnerability ?


Environment

Web Agent 12.52SP1CR09

Resolution

The above fix is not about a vulnerability. It's about Web Agent

logging which produces a crash of the Web Agent on protected

resource.