Getting default SSO password change pages instead of custom

Article ID: 191540

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction


We're running a Web Agent. When a user POSTs credentials to the Custom
Authentication Scheme to change their password, the Web Agent shows the
default SiteMinder page instead of the custom one, and the Web Agent
returns this message:

      [04/27/2020][11:50:29][20477][49][SmFCC.cpp:2159][SmFcc::buildOutputForm][00
      00000000000000000000008b72c347-4ffd-5ea6aae5-0031-a69c32f5][*10.0.0.1
      ][][mywebagent][/myapp][]
      [BadFormChars found substituting '-SM-%7bRC2%7d8IzIeHrcaV%2f%2bgiLPd11vlQCTJ
      griION6Joqy6RZrHjpHpU7dasdasdsadddQJOVsWlOiLPwkCf0WNY7X8oioCox56RHTgToY7aW%2
      fHNSB2QIsArNMCLZNuIpZgGAmVB8C1%2bXZNVzb2UsRa4%2fdnYO%2fKhnyNTLW3JbFV2ALrw5ku
      Ec%3d%26USERNAME%3dmyuser%2emyname%26' for variable 'smtoken', 
      data blocked.]

How can we fix that?

Environment


Web Agent 12.52SP1CR09 on Apache 2.4

Cause

The traces show that the value of SMTOKEN has been removed, which causes
the "Account Information" page to be presented:

Fiddler.saz

  Line 6 :

  POST https://myappserver.mydomain.com/myforms/login.fcc?SMENC=UTF-8&SMTOKEN=-SM-%7bRC2%7d8IzIeHrcaV%2f%2bgiLPdDsDeesDerHjpHpU77mlh8PtRpacuQJOVsWlOidsadsdkCf0WNY7X8oioCox56RHTgToY7aW%2fHNSB2QIsArNMCLZNuIpZgGAmVB8C1%2bXZNVzb2UsRa4%2fdnYO%2fKhnyNTLW3JbFV2ALrw5kuEc%3d%26USERNAME%3dmyuser%2myname%26&SMAUTHREASON=23&SMAGENTNAME=-SM-kqcy%2bcTUDmuIJ%2bO63gexsxHRdsadsdssdspmFUwVtrI6VU%2b8AZdjQUrfTr%2fY7NbIs20eJIjJF1FcFfiXtTIW8r3viX0Af&TARGET=-SM-https%3A%2F%2Fmyappserver.mydomain.com%2Fmyapp HTTP/1.1
  SMENC=-SM-UTF--8&SMTOKEN=DATA+BLOCKED&smagentname=-SM-kqcy%252bcTUDmuIJ%252bO63gexdsadseessdFUwVtrI6VU%252b8AZdjQUrfTr%252fY7NbIs20eJIjJF1FcFfiXtTIW8r3viX0Af&smauthreason=23&postpreservationdata=&target=-SM-https%3A%2F%2Fmyappserver.mydomain.com%2Fmyapp&smquerydata=

    HTTP/1.1 200 OK
    Date: Mon, 27 Apr 2020 09:50:30 GMT
    Server: Apache/2.4.41 (Unix) OpenSSL/1.0.2o

    Account Information 

    Your credentials are not valid for . 
    Please contact your Security Administrator or Help Desk. 

  smtrace.log : 

      [04/27/2020][11:50:29][20477][49][SmFCC.cpp:2159][SmFcc::buildOutputForm][00
      00000000000000000000008b72c347-4ffd-5ea6aae5-0031-a69c32f5][*10.0.0.1
      ][][mywebagent][/myapp][]
      [BadFormChars found substituting '-SM-%7bRC2%7d8IzIeHrcaV%2f%2bgiLPd11vlQCTJ
      griION6Joqy6fdsfsddsdfsdfsdfffpacuQJOVsWlOiLPwkCf0WNY7X8oioCox56RHTgToY7aW%2
      fHNSB2QIsArNMCfdsfdfdfGAmVB8C1%2bXZNVzb2UsRa4%2fdnYO%2fKhnyNTLW3JbFV2ALrw5ku
      Ec%3d%26USERNAME%3dmyuser%2emyname%26' for variable 'smtoken', 
      data blocked.]

      [04/27/2020][11:50:30][20477][49][CSmHttpPlugin.cpp:657][CSmHttpPlugin::Proc
      essResource][0000000000000000000000008b72c347-4ffd-5ea6aae6-0031-025e5608][*
      146.213.128.135][][mywebagent][][][Resolved URL: '/myforms/login.fcc?
      SMENC=UTF-8&SMTOKEN=-SM-%7bRC2%7d8IzIeHrcaV%2f%2b
      giLPd11vlQCTJgriION6dasdasdasdasdasdasddasdpacuQJOVsWlOiLPwkCf0WNY7X8oioCox5
      6RHTgToY7aW%2fHNSB2QIsArNMCLZNuIpZgGAmVB8C1%2bXZNVzb2UsRa4%2fdnYO%2fKhnyNTLW
      3JbFV2ALrw5kuEc%3d%26USERNAME%3dmyuser%2emyname%26&SMAUTHREASON=23&SMAG
      ENTNAME=-SM-kqcy%2bcTUDmuIJ%2bO63gexsxHREUqSgaflxdasdasdUwVtrI6VU%2b8AZdjQUr
      fTr%2fY7NbIs20eJIjJF1FcFfiXtTIW8r3viX0Af&TARGET=-SM-https%3a%2f%2fmyappserve
      r%2emydomain%2ecom%2fmyapp'.]

      [04/27/2020][11:50:30][20477][49][SmFCC.cpp:1483][SmFcc::setup][000000000000
      0000000000008b72c347-4ffd-5ea6aae6-0031-025e5608][*10.0.0.1][][][][][
      Error.  No redirect target found in namespace.]

      [04/27/2020][11:50:30][20477][49][CSmHttpPlugin.cpp:8751][CSmHttpPlugin::Pro
      cessAdvancedAuthResource][0000000000000000000000008b72c347-4ffd-5ea6aae6-003
      1-025e5608][*10.0.0.1][][][][][unable to process FCC parameters. Retu
      rning SmNoAction.]

      [04/27/2020][11:50:30][20477][49][SmFCC.cpp:394][SmFcc::getCredentials][0000
      000000000000000000008b72c347-4ffd-5ea6aae6-0031-025e5608][*10.0.0.1][
      ][][][][Error.  No redirect target found in namespace.]

      [04/27/2020][11:50:30][20477][49][SmFCC.cpp:2411][SmFcc::doUnauthorized][000
      0000000000000000000008b72c347-4ffd-5ea6aae6-0031-025e5608][*10.0.0.1]
      [][][][][Displaying error page: '/opt/CA/webagent/samples/forms/login.unauth'.]

    smwebagent.log

      [25930/5][Thu Mar 26 2020 11:22:03] badurlchars='//,./,/.,/*,*.,~,\,%00-%1f'.
      [25930/5][Thu Mar 26 2020 11:22:03] cookiedomain='mydomain.com'.
      [25930/5][Thu Mar 26 2020 11:22:03] cookiedomainscope='2'.
      [25930/5][Thu Mar 26 2020 11:22:03] csschecking='yes'.
      [25930/5][Thu Mar 26 2020 11:22:03] requirecookies='yes'.

Resolution


In the Web Agent's Agent Configuration Object (ACO), uncomment the parameter:


  #BadFormChars

and remove the "&" character from its value.

Ensure the Agent runs this ACO.
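
To check which FCC variables a given BadFormChars list blocks, the following added example (not part of the original article or of the product) scans wrapped smtrace.log text for the "data blocked" message shown above and reports which listed characters the blocked value contains. The trace sample and the BadFormChars lists are constructed, and the script assumes the agent tests the URL-decoded value, which matches the resolution since the token only contains "&" as %26.

```python
import re
from urllib.parse import unquote

# Constructed sample, wrapped the way the article's smtrace.log excerpt is.
SAMPLE_TRACE = """\
[04/27/2020][11:50:29][20477][49][SmFCC.cpp:2159][SmFcc::buildOutputForm][00
0000000000000000000000-0000-0000-0000-000000000000][*10.0.0.1
][][mywebagent][/myapp][]
[BadFormChars found substituting '-SM-%7bRC2%7dQUJDRA%3d%3d%26USERNAME%3dmyus
er%2emyname%26' for variable 'smtoken',
data blocked.]
[04/27/2020][11:50:30][20477][49][SmFCC.cpp:1483][SmFcc::setup][000000000000
0000000000-0000-0000-0000-000000000000][*10.0.0.1][][][][][
Error.  No redirect target found in namespace.]
"""

BLOCKED = re.compile(
    r"BadFormChars found substituting '(?P<value>[^']*)' "
    r"for variable '(?P<var>[^']+)',\s*data blocked"
)

def parse_bad_chars(aco_value):
    """Turn a list such as "<, >, &, %22" into literal characters."""
    return [unquote(item.strip()) for item in aco_value.split(",") if item.strip()]

def blocked_fields(trace_text, aco_value):
    """Report each blocked FCC variable and the listed characters it contains."""
    bad = parse_bad_chars(aco_value)
    # Undo the hard wrapping so a message split across lines matches again.
    joined = "".join(line.lstrip() for line in trace_text.splitlines())
    findings = []
    for match in BLOCKED.finditer(joined):
        decoded = unquote(match.group("value"))  # assumption: agent checks decoded data
        findings.append({
            "variable": match.group("var"),
            "matched": [c for c in bad if c in decoded],
        })
    return findings

if __name__ == "__main__":
    # Assumed example lists; take the real value from your own ACO.
    for aco_value in ("<, >, &, %22", "<, >, %22"):
        print(aco_value, "->", blocked_fields(SAMPLE_TRACE, aco_value))
```

Run it with the BadFormChars value you plan to deploy: an empty "matched" list for smtoken means the token no longer contains any listed character, while the remaining characters stay in the list.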