
APS changePassword servlet rejects a valid TARGET url


Article ID: 229540


Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

During the change password process, the APS changePassword servlet rejects a valid TARGET URL.

Here is the problem flow:
1. The user logs in to a protected page; authentication is successful.
2. The user accesses the APS changePassword servlet with a TARGET URL (URL-encoded)
    and enters the old and new passwords.
3. changePassword fails, and the user lands back on the changePassword page.

The Tomcat server's catalina.out reports these errors:
ERROR   2021-04-30 17:02:26,888 [ajp-bio-8011-exec-1] com.ca.sso.aps.Change  - Redirect URL is invalid: http%3A%2F%2Fhost%2Edomain%2Ecom%3A82%2Ftranspolar%2Femployee%2Fheader%5Fdump%2Ejsp
ERROR   2021-04-30 17:02:26,889 [ajp-bio-8011-exec-1] com.ca.sso.aps.Change  - getQueryParams Error decoding  TARGET with URL http%3A%2F%2host%2Edomain%2Ecom%3A82%2Ftranspolar%2Femployee%2Fheader%5Fdump%2Ejsp

Environment

Release : 12.52sp1cr10 agent.

Component : SITEMINDER ADVANCED PASSWORD SERVICES

Resolution

Broadcom engineering provided a new, fixed APS.war file for the release 1252 sp01 cr11 agent on a Windows platform, which resolves the problem with passing the encoded URL in TARGET.

The TARGET URL must be passed as a full path and must be URL-encoded.

For example:
http://host.domain.com:82/APS/ChangePassword?Target=http%3A%2F%2Fhost%2Edomain%2Ecom%3A82%2Ftranspolar%2Femployee%2Fheader%5Fdump%2Ejsp
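A pre-flight check for links that point at the ChangePassword servlet, as an added example that is not part of the original article and not the APS servlet's own validation logic. It builds the Target value in the encoding style of the example above and flags values that are not well-formed percent-encoding or do not decode to an absolute http(s) URL; the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# A '%' that is not followed by exactly two hex digits is not a valid escape.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def encode_target(url: str) -> str:
    """Percent-encode everything except ASCII letters and digits, matching
    the article's example (%2E for '.', %5F for '_')."""
    out = []
    for ch in url:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            out.extend(f"%{b:02X}" for b in ch.encode("utf-8"))
    return "".join(out)


def check_target(encoded: str) -> list:
    """Return a list of problems found in an encoded Target value (empty = OK)."""
    problems = []
    if _BAD_ESCAPE.search(encoded):
        problems.append("malformed percent-escape")
    parts = urlsplit(unquote(encoded))
    if parts.scheme not in ("http", "https"):
        problems.append("not an absolute http(s) URL")
    if not parts.hostname:
        problems.append("no host")
    return problems


def change_password_url(servlet_url: str, target: str) -> str:
    """Build <servlet_url>?Target=<encoded target>, refusing bad targets."""
    encoded = encode_target(target)
    problems = check_target(encoded)
    if problems:
        raise ValueError(f"unusable Target {target!r}: {', '.join(problems)}")
    return f"{servlet_url}?Target={encoded}"


if __name__ == "__main__":
    # Host and path taken from the article's example URL.
    print(change_password_url(
        "http://host.domain.com:82/APS/ChangePassword",
        "http://host.domain.com:82/transpolar/employee/header_dump.jsp"))
```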
 

Additional Information

DE501837