Http Error 400 returned when using WebLogic Web Server
Article ID: 53903
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description
After logging in with the Login.fcc file that is on a Unix box the WebLogic server returns a HTTP error 400. WebLogic is reporting a malformed request.
There are no errors in the trace logs or webagent logs. In the WebLogic logs you will see entries such as:
Sample log:
Fri May 8 14:29:59 2009 <10054124180739925> Hdrs from Client:[SM_TRANSACTIONID]=[0a14060c-2746-4a047a27-002a-d71c03ad] Fri May 8 14:29:59 2009 <10054124180739925> Hdrs from Client:[SM_SDOMAIN]=[.fms.sample.com] Fri May 8 14:29:59 2009 <10054124180739925> Hdrs from Client:[SM_AUTHTYPE]=[Not Protected] Fri May 8 14:29:59 2009 <10054124180739925> Hdrs from Client:[SM_USER]=[QCRBTSUP ] Fri May 8 14:29:59 2009 <10054124180739925> Hdrs from Client:[SM_USERDN]=[cn=QCRB, ou=staff, ou=Financial Service, ou=Fiscal Service, ou=Sample, o=com]
you will notice that the final bracket for SMUSER header variable is on the next line. This is what WebLogic is interpreting as an end of line and causing the error 400.
Solution
The problem is that the login.fcc was opened on a windows machine edited and saved then sent back to a UNIX web server. This caused invalid characters to be saved in the login.fcc file and cause these issues.
This can be fixed by editing the login.fcc file and removing the invalid Control M and \r characters or running the command Dos2Unix on the login.fcc file.
Make backup of the Siteminder webagent files/folders and then perform the followings.
- run dos2unix against those files in order to remove the M or \r from the files.
- if customer use asp or jsp to post to login.fcc, then those should be checked as well. Please test with the login.fcc after running dos2unix.
The login.fcc file will look something like this after it has been edited on a windows system.
======================================================= <!-- SiteMinder Encoding=EUC-KR; --> M$ @username=%USER% M$ @smretries=0 M$ M$ <!-- M$ SSO [email protected]@M-; [email protected]'M-GM-X ID/PW [email protected] M-4M-B [email protected] M$ M$ author yb2u M$ version 1.1, 2002-11-11 M$ @updated by jelee, 2004-01-30 M$ --> M$ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> M$ <html> M$ <head> M$ <title>LG Enterprise Portal - LG Electronics</title> M$ <meta http-equiv="Content-Type" content="text/html; charset=euc-kr"> M$ <link href="css/style.css" rel="stylesheet" type="text/css"> M$ <link href="css/green.css" rel="stylesheet" type="text/css"> M$ <script language="javascript"> M$ <!-- M$ var url = window.location+""; M$ var target = "$$target$$"; M$ M$ function resetCredFields() { M$ document.Login.PASSWORD.value = ""; M$ } M$ M$ function submitForm() { M$ document.Login.submit(); M$ } M$ M$ function radioValue(radio) { M$ var checkValue; M$ Ifor (i=0;i<radio.length;i++) { M$ I Iif (radio[i].checked) { M$ I I checkValue = radio[i].value; M$ I I break; M$ I I } M$ I } M$ I return checkValue; M$ } M$ M$ function popupSelfReg() { M$ //var openSelfReg = popupCenter('','',400,538,0,0,0,0,0,0); M$ //openSelfReg.location = "/selfreg/SsoBtoEselfReg.jsp?lang=" + radioValue(document.Login.lang); M$ //openSelfReg.focus(); M$ // 11/19 IAM [email protected]$M->M-pD M-?M-dM-CM-;/[email protected]@M-1M-HM-/C M-<M-vM-AM-$ M$ cw=screen.availWidth; //M-HM--M-8M-i M-3M-JM-:M-q M$ ch=screen.availHeight; //M-HM--M-8M-i [email protected] M$ M$ sw=500;//M-6M-gM-?M-o M-CM-"[email protected] M-3M-JM-:M-q M$ sh=350;//M-6M-gM-?M-o M-CM-"[email protected] [email protected] M$ M$ ml=(cw-sw)/2;//M-0M-!M-?M-nM-5M-% [email protected]'M-GM-Q M-CM-"[email protected] [email protected]'M-DM-! M$ mt=(ch-sh)/2;//M-0M-!M-?M-nM-5M-% [email protected]'M-GM-Q M-CM-"[email protected] [email protected]'M-DM-! M$ M$ M$ window.open("http://lgeiam.lge.com:5500/idm/user/login2.jsp?ft=Register&lang=" + radioValue(document.Login.lang),"regPop","width=" + sw + ",height=" + sh + ",scrollbars=no,resizable=yes,left=" + ml + ",top=" + mt,0); M$ } M$ M$ function popupChPwd() { M$ var openChPwd = popupCenter('','',400,500,0,0,0,0,0,0); M$ openChPwd.location = "/chpwd/change_pwd.jsp?lang=" + radioValue(document.Login.lang); M$ openChPwd.focus(); M$ } M$ M$ function popupLostPwd() { M$ var openLostPwd = popupCenter('','',400,280,0,0,0,0,0,0); M$ openLostPwd.location = "/lostpwd/lost_pwd.jsp?lang=" + radioValue(document.Login.lang); M$ openLostPwd.focus(); M$ } M$ M$ M$ function popupHelp() { M$ var openHelp = window.open('','','resizable=yes,scrollbars=yes,status=0'); M$ M$ if (document.Login.lang[1].checked) { M$ openHelp.location = "/help/sso_help.ppt"; M$ } else { M$ openHelp.location = "/help/help.html" M$ } M$ M$ openHelp.focus(); M$ } M$ M$ M$ function popupAlertPwd() { M$ var openAlertPwd = window.open('','','resizable=no,scrollbars=no,status=0,width=483,height=589'); M$ M$ openAlertPwd.location = "/chpwd/alert_pwd.jsp?lang=" + radioValue(document.Login.lang); M$ openAlertPwd.focus(); M$ } M$ M$ function popupCenter(url, name, width, height, menubar, toolbar, location, resize, scroll,status) { M$ var str = "height=" + height + ",innerHeight=" + height; M$ str += ",width=" + width + ",innerWidth=" + width; M$ if (window.screen) { M$ var ah = screen.availHeight - 30; M$ var aw = screen.availWidth - 10; M$ var xc = (aw - width) / 2; M$ var yc = (ah - height) / 2; M$ str += ",left=" + xc + ",screenX=" + xc; M$ str += ",top=" + yc + ",screenY=" + yc; M$ } M$ str+= ",menubar="+menubar+",toolbar="+toolbar+",location="+location+",resizable="+re size+",scrollbars="+scroll+",status="+status; M$ return window.open(url, name, str); M$ } M$ M$ function popupEthics() { M$ var openEthics = window.open('','ethics',''); M$ M$ if (document.Login.lang[1].checked) { M$ openEthics.location = "http://www.lge.com/about/corporate/corporateculture_management.jsp"; M$ } else { M$ openEthics.location = "http://ethics.lg.co.kr" M$ } M$ M$ openEthics.focus(); M$ } M$ M$ function loginSso() { M$ //var targetResponseUrl = "$$target$$"; M$ //var targetResponseUrl = "/redirect.jsp?target=$$target$$"; M$ var targetTempUrl = ""; M$ var targetRealUrl = ""; M$ var targetUrlFlag = "lang=kr"; M$ M$ /*//2006/06/30 M-?M-5M-9M-.M-HM-- M$ var noIdMsg = "'USER ID'M-8M-& [email protected]<M-<M-?M-d."; M$ var noPasswordMsg = "'PASSWORD'M-8M-& [email protected]<M-<M-?M-d."; M$ */ M$ M$ var noIdMsg = "Please, input 'USER ID'"; M$ var noPasswordMsg = "Please, input 'PASSWORD'"; M$ M$ if (document.Login.lang[1].checked) { M$ targetUrlFlag = "lang=en"; M$ noIdMsg = "Please, input 'USER ID'"; M$ noPasswordMsg = "Please, input 'PASSWORD'"; M$ } M$ M$ intLangIndex = target.indexOf("lang="); M$ M$ if (intLangIndex == -1) { M$ targetTempUrl = target; M$ } else { M$ targetTempUrl = target.substring(0, intLangIndex - 1); M$ } M$ M$ intQuestionIndex = targetTempUrl.indexOf("?"); M$ intOrassoIndex = targetTempUrl.indexOf("orasso.wwsso_app_admin.ls_login"); M$ M$ if(intOrassoIndex >= 0){ M$ targetRealUrl = targetTempUrl; M$ }else if (intQuestionIndex == -1) { M$ targetRealUrl = targetTempUrl + "?" + targetUrlFlag; M$ } else if(intQuestionIndex > 0){ M$ targetRealUrl = targetTempUrl + "&" + targetUrlFlag; M$ } M$ M$ document.forms["Login"].elements["target"].value = "/redirect.jsp?target=" + escape(targetRealUrl); M$ // document.forms["Login"].elements["target"].value = targetRealUrl; M$ M$ if (document.forms["Login"].elements["USER"].value == "") { M$ alert(noIdMsg); M$ document.forms["Login"].elements["USER"].focus(); M$ } else if (document.forms["Login"].elements["PASSWORD"].value == "") { M$ alert(noPasswordMsg); M$ document.forms["Login"].elements["PASSWORD"].focus(); M$ } else if (document.forms["Login"].elements["PASSWORD"].value == document.forms["Login"].elements["USER"].value) { M$ popupAlertPwd(); M$ } else { M$ // saveid(document.Login); M$ document.Login.submit(); M$ } M$ } M$ M$ function keyPress(obj, e) { M$ if (e.keyCode) keycode=e.keyCode; M$ else keycode=e.which; M$ M$ if (keycode == 13) { M$ if (obj.name == "USER"){ M$ document.forms["Login"].PASSWORD.focus(); M$ }else{ M$ loginSso(); M$ } M$ } M$ } M$ M$ function MM_swapImgRestore() { //v3.0 M$ var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; M$ } M$ M$ function MM_preloadImages() { //v3.0 M$ var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); M$ var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) M$ if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} M$ } M$ M$ function MM_findObj(n, d) { //v4.0 M$ var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { M$ d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} M$ if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; M$ for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); M$ if(!x && document.getElementById) x=document.getElementById(n); return x; M$ } M$ M$ function MM_swapImage() { //v3.0 M$ var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) M$ if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} M$ } M$ Ifunction setCookie (name, value, expires) { M$ I document.cookie = name + "=" + escape (value) + M$ I "; path=/; expires=" + expires.toGMTString(); M$ I} M$ M$ Ifunction getCookie(Name) { M$ I var search = Name + "=" M$ I if (document.cookie.length > 0) { // M-DM-mM-EM-0M-0M-! M-<M-3M-AM-$M-5M-GM->M-n [email protected] M$ I offset = document.cookie.indexOf(search) M$ I if (offset != -1) { // M-DM-mM-EM-0M-0M-! [email protected] M$ I offset += search.length M$ I // set index of beginning of value M$ I end = document.cookie.indexOf(";", offset) M$ I // M-DM-mM-EM-0 M-0M-*[email protected] M-8M-6M-AM-vM-8M-7 [email protected]'M-DM-! [email protected]&M-=M-: M-9M-xM-HM-# M-<M-3M-AM-$ M$ I if (end == -1) M$ I end = document.cookie.length M$ I return unescape(document.cookie.substring(offset, end)) M$ I } M$ I } M$ I return ""; M$ I} M$ M$ Ifunction saveid(form) { M$ I var expdate = new Date(); M$ I // M-1M-bM-:M-;[email protected]{[email protected] [email protected]?M->M-H M-1M-bM->M-oM-GM-OM-0M-T M-GM-T. [email protected]<M-vM-8M-& [email protected]}M-GM-OM-7M-AM-8M-i * 30M-?M-!M-<M-- M-<M-}[email protected]& [email protected]}M-GM-OM-8M-i M-5M-J M$ I if (form.checksaveid.checked) M$ I expdate.setTime(expdate.getTime() + 1000 * 3600 * 24 * 30); // [email protected] M$ I else M$ I expdate.setTime(expdate.getTime() - 1); // M-DM-mM-EM-0 M-;M-hM-AM-&M-AM-6M-0M-G M$ I setCookie("saveid", form.USER.value, expdate); M$ I} M$ M$ Ifunction getid(form) { M$ I form.checksaveid.checked = ((form.USER.value = getCookie("saveid")) != ""); M$ I} M$ //--> M$ </script> M$ </head> M$ <body leftmargin="0" topmargin="0"> M$ <table width="100%" height="520" border="0" cellpadding="0" cellspacing="0"> M$ <tr> M$ <td height="2" colspan="3" class="top_bg_line"></td> M$ </tr> M$ <tr> M$ <td height="10" colspan="3" class="popup_bg_top"></td> M$ </tr> M$ <tr> M$ <td colspan="3" align="center" valign="top"> M$ <table width="660" border="0" cellspacing="0" cellpadding="0"> M$ <tr> M$ <td height="45"></td> M$ </tr> M$ <tr> M$ <td height="30" colspan="4"><img src="images/lge_logo.gif" width="160" height="38"></td> M$ </tr> M$ <tr> M$ <td width="357" height="322" rowspan="2" align="right"><img src="images/new_login.jpg" width="356" height="322"></td> M$ <td width="15" rowspan="2" class="bg_login_f7f7ef"> </td> M$ <td height="160" align="center" bgcolor="F7F7EF"> M$ <table width="260" border="0" cellspacing="0" cellpadding="0"> M$ <form NAME="Login" METHOD="POST"> M$ <input type=hidden name=SMENC value="EUC-KR"> M$ <input type=hidden name=target> M$ <input type=hidden name=smauthreason value="$$smauthreason$$"> M$ M$ <tr> M$ <td align="right" class="login_title"> </td> M$ <td height="10" colspan="2" class="font_login"><input type="radio" name="lang" value="kr" checked> M$ Korean M$ <input type="radio" name="lang" value="en"> M$ English</td> M$ </tr> M$ <tr> M$ <td width="67" align="right" class="login_title">USER ID</td> M$ <td width="118" align="center"> <input name="USER" type="text" class="input_textfield" style="width:106px;height:18px" onkeydown="keyPress(this, event)"></td> M$ <td width="75"> </td> M$ </tr> M$ <tr> M$ <td align="right" class="login_title">PASSWORD</td> M$ <td align="center"> <input name="PASSWORD" type="password" class="input_textfield" style="width:106px;height:18px" onkeydown="keyPress(this, event)"></td> M$ <td align="right"><a href="javascript:loginSso();"><img src="images/login_btn_g.gif" border="0"></a></td> M$ </tr> M$ <!--<tr> M$ <td height="20" > </td> M$ <td height="10" colspan="2" class="font_login"><input type="checkbox" name="checksaveid" checked> M$ Remember my ID on this computer.</td> M$ </tr>--> M$ <tr> M$ <td height="1" colspan="3" class="dotline"><img src="images/blank.gif" width="1" height="1"></td> M$ </tr> M$ <tr> M$ <td colspan="3"> M$ <table width="100%" border="0" cellspacing="0" cellpadding="0"> M$ <tr> M$ <td height="5" colspan="3"></td> M$ </tr> M$ <script language=javascript> M$ if( (location.hostname+"").indexOf("dmz")>=0 ){ M$ document.write( M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='JavaScript:popupLostPwd()' onfocus='blur()'> Forgot ID/Password</a>?</td>" + M$ " <td rowspan='2' width='130'><a href='javascript:popupEthics()' onfocus='blur()'><img src=/images/banner_cyber2.gif width=130 height=35 border=0></a></td>" + M$ " </tr>" + M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='javascript:popupHelp()' onfocus='blur()'> Help</a></td>" + M$ " </tr>"); M$ }else { M$ document.write( M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='JavaScript:popupSelfReg()' onfocus='blur()'> Register</a></td>" + M$ " <td rowspan='4' width='130'><a href='javascript:popupEthics()' onfocus='blur()'><img src=/images/banner_cyber2.gif width=130 height=35 border=0></a></td>" + M$ " </tr>" + M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='JavaScript:popupLostPwd()' onfocus='blur()'> Forgot ID/Password</a>?</td>" + M$ " </tr>" + M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='JavaScript:popupChPwd()' onfocus='blur()'> Change Password</a></td>" + M$ " </tr>" + M$ " <tr>" + M$ " <td align=center><img src=images/bullet_red.gif></td>" + M$ " <td class=font_login><a href='javascript:popupHelp()' onfocus='blur()'> Help</a></td>" + M$ " </tr>"); M$ } M$ </script> M$ </table> M$ </td> M$ </tr> M$ </form> M$ </table> M$ </td> M$ <td width="15" rowspan="2" bgcolor="F7F7EF"> </td> M$ </tr> M$ <tr> M$ <td height="162" valign="top" bgcolor="F7F7EF"> M$ <table width="100%" border="0" cellspacing="0" cellpadding="0"> M$ <tr> M$ <td height="2" class="popup_bg_top"></td> M$ </tr> M$ <tr> M$ <td height="15"></td> M$ </tr> M$ <tr> M$ <td> M$ I I I I <table width="100%" border="0" cellspacing="1" cellpadding="1"> M$ I I I I <tr> M$ I I I I <!--td class="bullet_red_small"> </td--> M$ I I I I <td class="font_login_notice" height=140> M$ <script src="/notice/notice_scroll.jsp" language="JavaScript"></script> M$ I I I I </td> M$ </tr> M$ </table> M$ </td> M$ </tr> M$ <tr> M$ <td height="5"></td> M$ </tr> M$ </table> M$ </td> M$ </tr> M$ </table> M$ </td> M$ </tr> M$ <tr> M$ <td height="1" colspan="6" class="table_line_simple"></td> M$ </tr> M$ <tr> M$ <td height="47" colspan="6" align="center" class="bg_gray_F7F7F7"> M$ <table width="660" border="0" cellspacing="0" cellpadding="0"> M$ <tr> M$ <td width="120" height="25" align="center" ><img src="images/footer_lge_logo.gif" width="88" height="19"></td> M$ <td ><font class="footer">Copyright 2005 LG Electronics</font></td> M$ </tr> M$ </table> M$ </td> M$ </tr> M$ <tr> M$ <td height="1" colspan="6" class="table_line_simple" ></td> M$ </tr> M$ </table> M$ <script language="javascript"> M$ document.forms["Login"].elements["USER"].focus(); M$ if (url.indexOf("icsso.lge.com") > 0 || url.indexOf("icdmz.lge.com") > 0 || target.indexOf("icsso.lge.com") > 0 || target.indexOf("icdmz.lge.com") > 0){ M$ document.forms["Login"].lang[1].checked = true ; M$ } M$ // getid(document.Login); M$ </script> M$ </body> M$ </html> M$ ================ =================================================
Environment
Release:
Component: SMSUN
Component: SMSUN
Feedback
Yes
No
Powered by
