SMSESSION value data_suppressed is not reflecting on Auto-Authorize

search cancel

SMSESSION value data_suppressed is not reflecting on Auto-Authorize

book

Article ID: 133618

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

While running a Web Agent and this one reports in the logs the SMSESSION value "SMSESSION=data_supressed" but on the same transaction, on

auto-authorize URL, the SMSESSION is visible in the logs.

Reason to know why ?

We refer to this given fix in 12.52SP1CR09 :

Defects Fixed in 12.52 SP1 CR09

00979227 DE350367

SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-WebAgent

Is that a vulnerability ?

Environment

Web Agent 12.52SP1CR09

Resolution

The above fix is not about a vulnerability. It's about Web Agent logging which produces a crash of the Web Agent on protected resource.

Feedback

thumb_up Yes

thumb_down No