Error: Password with £ or € characters not correctly updated in User Store

Article ID: 226001

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When running a Policy Server, if a user changes their password to
one containing the character £ or €, the last character of that
password gets trimmed in the database User Store.

To illustrate:

    [email protected]

changes their password to "hello£1234 ".

The password in the database User Store gets set to hello£123. The
last "4" gets removed.

When the user password is changed through AdminUI, the password
gets correctly updated in the database without any missing character.

 

Cause

 

The issue only occurs in the customized journey, where the page

   http://myserver.mydomain.com/mypassword/change/encryption

puts the old and new password in one encrypted value, which it
posts to:

   http://myserver.mydomain.com/pw/PWS.fcc 

and

   http://myserver.mydomain.com/mypasswordchange/PSWDChangeServlet?SMENC=UTF-8&SMTOKEN=$SM$%7bRC2%7dg99%2fW52521msTyLeo6U8tclVriGhWEGKLGEssqsy0yEfYIcP71%2b4iWyZ4nRPvveIT9pzPyYYH%2f&[email protected]&SMAUTHREASON=23&SMAGENTNAME=myAgent&TARGET=$SM$http%3A%2F%2Fmyserver.mydomain.com%2FmyApp%2F
  


PSWDChangeServlet is a class of jpw.jar. Java and CGI password
services have been deprecated since 2004 (1).

To keep receiving development and bug fixes, use the FCC
password services (i.e., smpwservices.fcc) (2)(3).

 

Resolution

 

As PWS.fcc is deprecated, change the code to use smpwservices.fcc
instead of PWS.fcc to solve the issue.

Out of the box, smpwservices.fcc does not show this issue.

 

Additional Information

 

(1)

    Netegrity SiteMinder Web Agent v5.x QMR 7

      Release Notes

 CGI and JSP Password Services Being Deprecated (29865)

 CGI and JSP versions of Password Services are being deprecated as
 of Web Agent 5.x QMR 7. CGI and JSP Password Services will
 continue to be shipped and supported, but these versions will be
 phased out in the future.  A new FCC Password Services application
 has been introduced at 5.x QMR 7.  For more information, see
 1.2. FCC Password Services on page 4.

    (c) Netegrity, Inc. All rights reserved. October 12, 2004

(2)

    
    In the Web Agent 12.52SP1CR01, I don't find smpwservicescgi.exe
    https://knowledge.broadcom.com/external/article?articleId=36934

(3)
  

    Incorrect old password change redirects to login.fcc
    https://knowledge.broadcom.com/external/article/214687/incorrect-old-password-change-redirects.html