Characters ";" and "=" are encoded in URL but not decoded on redirection to the target URL after authentication.

book

Article ID: 4812

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

In r12.5 Web Agent, below characters are encoded but not decoded on redirection to the target URL after authentication.

  1. ";"
  2. "="
  3. ","


The problem is observed in the HTTP Response of the POST Request to loging.fcc. It returns an incorrect Location header where ';' and '=' are still Url-encoded. Eventually, this will result in HTTP 404 Not Found.

 

On the other hand, in Web Agent r6, these characters are decoded.

 

Here are snippets from the problematic HTTP headers.

HTTP GET Request to a protected page:

Line 1: GET /test2/test.html;siteminder=siteminder HTTP/1.1

HTTP POST Request to login.fcc:

Line 54: POST /siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-cde9b21b-9724-45f2-87ef-fe18c031724a&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-AG%2f9AI75GrDqpKR2BksIfYzZ2sVDAxETtrLgKAPuDzILchWX9s8%2fn10LctKPjKAH&TARGET=-SM-http%3a%2f%2ftest1%2eexample%2ejp%2ftest2%2ftest%2ehtml%3bsiteminder%3dsiteminder HTTP/1.1

 

HTTP Response of redirection to the target:

Line 69: HTTP/1.1 302 HTTP/1.1 302 Object Moved
Line 70: Cache-Control: no-store
Line 71: Content-Length: 0
Line 72: Location: http://test1.example.jp/test2/test.html%3Bsiteminder%3Dsiteminder

[Expected result]
%3B and %3D should be decoded to ‘;’ and ‘=’ respectively.


Location: http://test1.example.jp/test2/test.html;siteminder=siteminder

Cause

By default, the ACO parameter Localization=YES. In this case, these characters are encoded BUT NOT decoded. This is as desiged in r12.5x.

Environment

Web Agent 12.5xOS: All

Resolution

If you want the same R6 behavior, please change the ACO parameter Localization=NO. It is the best method for compatibility.