Access gateway proxy UI fails to load
Article ID: 194492
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
Access gateway proxy UI fails to load
Environment
Release : 12.8
Component : SiteMinder Federation(Federation Manager)
Resolution
There are several of the following messages in the webagent log:
[1772/3708][Tue Jun 16 2020 07:43:58][CSmHttpPlugin.cpp:817][ERROR][sm-HTTPAgent-00090] URL contains BadCssChars. Exiting with HTTP 403 forbidden error '00-0002'.
We can see the following earlier in the log which shows what badcsschars is set to:
[1772/2772][Tue Jun 16 2020 07:39:43] badcsschars=<,>,',;,),(,&,+,%00
Note that '&' is set as a badcsschar, but there are also & characters in the URL as per the screenshot.
I cannot see all the URL so there may also be other characters causing a problem.
For your reverence, see the following on the BadCSSChars ACO parameter:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_ProtectWebSitesAgainstCrossSiteScripting
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_OverridetheDefaultCSSCharacterSet
To solve this, you need to make sure all the characters that are valid for the URLs you use are not listed in BadCSSChars.
[1772/3708][Tue Jun 16 2020 07:43:58][CSmHttpPlugin.cpp:817][ERROR][sm-HTTPAgent-00090] URL contains BadCssChars. Exiting with HTTP 403 forbidden error '00-0002'.
We can see the following earlier in the log which shows what badcsschars is set to:
[1772/2772][Tue Jun 16 2020 07:39:43] badcsschars=<,>,',;,),(,&,+,%00
Note that '&' is set as a badcsschar, but there are also & characters in the URL as per the screenshot.
I cannot see all the URL so there may also be other characters causing a problem.
For your reverence, see the following on the BadCSSChars ACO parameter:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_ProtectWebSitesAgainstCrossSiteScripting
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_OverridetheDefaultCSSCharacterSet
To solve this, you need to make sure all the characters that are valid for the URLs you use are not listed in BadCSSChars.
Feedback
Yes
No
Powered by
