During change password process, APS changePassword servlet rejects a valid TARGET url.
Here is the problem flow:
1. user login protected page, authentication successful.
2. user access APS changePassword servlet with TARGET url (url encoded).
enters old and new password.
3. changePassword fails, users lands back to changePassword page.
Tomcat server catalina.out reports error:
ERROR 2021-04-30 17:02:26,888 [ajp-bio-8011-exec-1] com.ca.sso.aps.Change - Redirect URL is invalid: http%3A%2F%2Fhost%2Edomain%2Ecom%3A82%2Ftranspolar%2Femployee%2Fheader%5Fdump%2Ejsp
ERROR 2021-04-30 17:02:26,889 [ajp-bio-8011-exec-1] com.ca.sso.aps.Change - getQueryParams Error decoding TARGET with URL http%3A%2F%2host%2Edomain%2Ecom%3A82%2Ftranspolar%2Femployee%2Fheader%5Fdump%2Ejsp
Release : 12.52sp1cr10 agent.
Component : SITEMINDER ADVANCED PASSWORD SERVICES
Broadcom engineering provided new fixed APS.war file for release 1252 sp01 cr11 agent on a windows platform, which resolves passing the encoded url in target.
Target URL passed should be in full path and has url encoded.