Access gateway proxy UI fails to load

book

Article ID: 194492

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

Access gateway proxy UI fails to load

Environment

Release : 12.8

Component : SiteMinder Federation(Federation Manager)

Resolution

There are several of the following messages in the webagent log:

[1772/3708][Tue Jun 16 2020 07:43:58][CSmHttpPlugin.cpp:817][ERROR][sm-HTTPAgent-00090] URL contains BadCssChars. Exiting with HTTP 403 forbidden error '00-0002'.

We can see the following earlier in the log which shows what badcsschars is set to:

[1772/2772][Tue Jun 16 2020 07:39:43] badcsschars=<,>,',;,),(,&,+,%00

Note that '&' is set as a badcsschar, but there are also & characters in the URL as per the screenshot.

I cannot see all the URL so there may also be other characters causing a problem.

For your reverence, see the following on the BadCSSChars ACO parameter:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_ProtectWebSitesAgainstCrossSiteScripting

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html#concept.dita_a4f1c9b394b5b45650256db5105c5886a242345b_OverridetheDefaultCSSCharacterSet

To solve this, you need to make sure all the characters that are valid for the URLs you use are not listed in BadCSSChars.