Web Agent truncates/strips off query string parameters of a request to a protected resource with FCCCOMPATMODE=yes.

book

Article ID: 51270

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Web Agent is truncating/stripping query string characters when form data is posted to credential collector and encoding is applied to the target URL that is posted to credential collector using some script e.g. here, query string is encoded by the asp page using Server.URLEncode("?key=") function that converts the query string into encoded format having hexadecimal code for special characters viz. ?, = etc. As the target URL is modified at the time of posting data to credential collector; so, credential collector does not handle these hexadecimal characters properly and return the URL by stripping off the query string from the URL.

Solution:

URL parsing has been implemented in case target URL is encoded while it is posted to credential collector, so, code is handling the posted URL to check for hexadecimal characters in it and returns the target URL along with query string (if present) without stripping it.

Environment

Release:
Component: SMIIS