Usage of "ValidTargetDomain" ACO parameter.

Article Id: 52598

Status: Published

Updated On: 14-02-2018 06:43

Legacy Id: TEC507830

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

Description:

On which server, portal server, authentication server, and cookie provider should we set the "ValidTargetDomain" parameter?

Solution:

The ValidTargetDomain parameter protects Web Agents from phishing attempts that could redirect users to a hostile Web site.

From the documentation, the "ValidTargetDomain" is used during Cookie Credential Collector (CCC) processing.

If you are using a cookie provider, it will be check by it as it is generating the cookie. You do not need to put it on the portal servers.

Environment:

Release:
Component: SMAPC