search cancel

SmPostPreserve encoding


Article ID: 15589


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


Siteminder's POST preservation functionality allows a user's POST data to be stored in case they are redirected for authentication in response to a POST request.  This is done by placing the POST data into a variable called SmPostPreserve.  Is this SmPostPreserve value encoded or encrypted, and if so, will the value ever contain the following characters?



All supported releases of Siteminder/Single Sign On


The SmPostPreserve value is both encrypted and Base64 encoded.  As the Base64 chars only include ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=, the XSS characters listed in the question (<,>,&,',") would never be part of the SmPostPreserve value.