Error : Password with £ or € characters not correctly updated User Store
search cancel

Error : Password with £ or € characters not correctly updated User Store


Article ID: 226001


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder)



When running a Policy Server, at time user changes its password for
one with character £ or €, then the last character of that password
gets trimmed in the DataBase User Store.

To illustrate :

    [email protected]

changes its password to "hello£1234 ".

The password in the DataBase User Store gets set to hello£123. The
last "4" gets removed.

When changing the user password through AdminUI, then the password
gets correctly updated in the DataBase without missing char.




The issue only occurs in the Customized journey where the page

which put the old and new passord in one encrypted value which it
posts to : 

and$SM$%7bRC2%7dg99%2fW52521msTyLeo6U8tclVriGhWEGKLGEssqsy0yEfYIcP71%2b4iWyZ4nRPvveIT9pzPyYYH%2f&[email protected]&SMAUTHREASON=23&SMAGENTNAME=myAgent&TARGET=$SM$

PSWDChangeServlet is a class of jpw.jar. Java and CGI password
services are deprecated since 2004 (1).

So to get continuity in the development and bug fixed, use the FCC
password services (ie.: smpwservices.fcc) (2)(3).




As PWS.fcc is deprecated, change the code in order to use
smpwservices.fcc instead of PWS.fcc to solve the issue.

Out of the box smpwservices.fcc doesn't show that issue.


Additional Information



    Netegrity SiteMinder Web Agent v5.x QMR 7

      Release Notes

 CGI and JSP Password Services Being Deprecated (29865)

 CGI and JSP versions of Password Services are being deprecated as
 of Web Agent 5.x QMR 7. CGI and JSP Password Services will
 continue to be shipped and supported, but these versions will be
 phased out in the future.  A new FCC Password Services application
 has been introduced at 5.x QMR 7.  For more information, see
 1.2. FCC Password Services on page 4.

    (c) Netegrity, Inc. All rights reserved. October 12, 2004


    In the Web Agent 12.52SP1CR01, I don't find smpwservicescgi.exe


    Incorrect old password change redirects to login.fcc