search cancel

Characters ";" and "=" are encoded in URL but not decoded on redirection to the target URL after authentication.


Article ID: 4812


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


In r12.5 Web Agent, below characters are encoded but not decoded on redirection to the target URL after authentication.

  1. ";"
  2. "="
  3. ","

The problem is observed in the HTTP Response of the POST Request to loging.fcc. It returns an incorrect Location header where ';' and '=' are still Url-encoded. Eventually, this will result in HTTP 404 Not Found.


On the other hand, in Web Agent r6, these characters are decoded.


Here are snippets from the problematic HTTP headers.

HTTP GET Request to a protected page:

Line 1: GET /test2/test.html;siteminder=siteminder HTTP/1.1

HTTP POST Request to login.fcc:

Line 54: POST /siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-cde9b21b-9724-45f2-87ef-fe18c031724a&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-AG%2f9AI75GrDqpKR2BksIfYzZ2sVDAxETtrLgKAPuDzILchWX9s8%2fn10LctKPjKAH&TARGET=-SM-http%3a%2f%2ftest1%2eexample%2ejp%2ftest2%2ftest%2ehtml%3bsiteminder%3dsiteminder HTTP/1.1


HTTP Response of redirection to the target:

Line 69: HTTP/1.1 302 HTTP/1.1 302 Object Moved
Line 70: Cache-Control: no-store
Line 71: Content-Length: 0
Line 72: Location:

[Expected result]
%3B and %3D should be decoded to ‘;’ and ‘=’ respectively.



Web Agent 12.5xOS: All


By default, the ACO parameter Localization=YES. In this case, these characters are encoded BUT NOT decoded. This is as desiged in r12.5x.


If you want the same R6 behavior, please change the ACO parameter Localization=NO. It is the best method for compatibility.