SSO Policy Server Illegal characters in username

Article ID: 188755

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction

We are observing some "Illegal characters in username" messages in the smaccess log:

AuthAttempt fishbone [15/Apr/2020:11:11:11 +0100] "10.1.1.46 qudjCAT77&c*m" "mywebagent GET /secure/loginforwarddev" [] [46] Illegal characters in username [] []

We would like to know the list of characters which are considered illegal by SiteMinder.

Environment

Release : 12.52

Component : SITEMINDER -POLICY SERVER

Resolution

The Policy Server returns the error "Illegal characters in username" for 3 characters when they are used in a username:
*
&
Parentheses: the username shouldn't be enclosed within parentheses.

This has been part of the product since day one and is not a configurable option.
The reason is that these characters have special meaning in LDAP search queries: when they appear in a username for anything other than search purposes, the query breaks or returns unexpected results.
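
To see which of these rules each rejected login tripped, the following added example (not Broadcom code) parses smaccess lines and reports the offending characters and a count per client IP. The field layout is inferred from the single log line quoted above, every sample line except that one is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Field layout inferred from the single smaccess line quoted in this article (assumption).
LINE_RE = re.compile(
    r'^(?P<event>\S+) (?P<host>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<ip>\S+) (?P<user>.*?)" "(?P<agent>\S+) (?P<action>\S+) (?P<resource>[^"]*)" '
    r'\[[^\]]*\] \[(?P<reason>\d+)\] (?P<text>[^\[]*)'
)
MESSAGE = "Illegal characters in username"

def flagged(username):
    """Return which of the article's rules (as stated for 12.52) the username trips."""
    hits = [ch for ch in "*&" if ch in username]
    if len(username) >= 2 and username[0] == "(" and username[-1] == ")":
        hits.append("(...)")
    return hits

def mask(username):
    """Keep only the first character: rejected usernames can hold mistyped secrets."""
    return username[:1] + "#" * (len(username) - 1)

def triage(lines):
    """Return (findings, per-client-IP counts) for lines carrying MESSAGE."""
    findings, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["text"].strip() != MESSAGE:
            continue
        per_ip[m["ip"]] += 1
        findings.append({"ts": m["ts"], "ip": m["ip"], "agent": m["agent"],
                         "resource": m["resource"], "user": mask(m["user"]),
                         "flags": flagged(m["user"])})
    return findings, per_ip

# First line is the one from the article; the other three are constructed for this example.
SAMPLE = [
    'AuthAttempt fishbone [15/Apr/2020:11:11:11 +0100] "10.1.1.46 qudjCAT77&c*m" "mywebagent GET /secure/loginforwarddev" [] [46] Illegal characters in username [] []',
    'AuthAttempt fishbone [15/Apr/2020:11:11:15 +0100] "192.0.2.7 (jdoe)" "mywebagent GET /secure/loginforwarddev" [] [46] Illegal characters in username [] []',
    'AuthAttempt fishbone [15/Apr/2020:11:11:19 +0100] "192.0.2.7 jdoe*" "mywebagent GET /secure/loginforwarddev" [] [46] Illegal characters in username [] []',
    'AuthAccept fishbone [15/Apr/2020:11:12:02 +0100] "192.0.2.9 jdoe" "mywebagent GET /secure/loginforwarddev" [] [0] [] []',
]

if __name__ == "__main__":
    findings, per_ip = triage(SAMPLE)
    for f in findings:
        print(f["ts"], f["ip"], f["user"], f["flags"])
    print(dict(per_ip))
```
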

Additional Information

While all of the above still applies, a fix was included in SiteMinder 12.52 SP1 CR5 to allow & to be used in a username / email for login purposes:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr05.html
0215858 | DE68366 | The authentication fails if the username contains &.

In addition, the registry key AllowUserNameWithinParentheses can be used to allow a user name within parentheses to be specified:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-7/configuring/policy-server-configuration-files/list-of-policy-server-registry-keys.html