When setting 'yes' to SecureURLs in ACO parameter, but WebAgent can not encode hash(#) value in URL, despite other delimiter string (e.g <,>,",%) are encoded.
This is related to Web browser specification, not CA SSO side.
The URL fragment (everything from # on) not even gets sent to the server.
They are regarded as locations within the document and are therefore not exposed to the server.
Release:
Component: SMSSO
Please refer to the following additional information.
Hash character in URLs (accessing and redirecting in Apache)
How does IIS URL Rewrite handle # anchor tags
http://stackoverflow.com/questions/9422734/how-does-iis-url-rewrite-handle-anchor-tags