search cancel

SSO R12.52 SP1 CR08 Issue with retrieving attributes from User store is case sensitive

book

Article ID: 8713

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Our clients who upgraded from earlier releases of SSO 12 SP3 , 12.5, 12.51, 12.52, and 12.52 SP1  to 12.52 SP1 CR08 has experienced that User attributes configured in responses are no longer being set if the attribute defined in the response does not match the case sensitivity of the attributes name on the directory side.

For Example, Active directory "mail" attribute is defined in a response header as follows "userattr=Mail" will no longer be set while if defined as "userattr=mail" gets set successfully.

 

Cause

This is caused by a known Defect introduced in SSO 12.52 SP1 CR08 where the lookup for the user attribute was case sensitive.

In our Example below, we defined two Response headers for the same policy as follows 

* TEST_MAIL_LOWERCASE="userattr=mail"

* TEST_MAIL="userattr=Mail"

From policy server Trace, we can see the below Results 

- For TEST_MAIL_LOWERCASE="userattr=mail"

[Processing Attribute [Property = mail] [Trim Property = mail] [Separator = ^]][][][][][][][][] 

[SmAuthUser.cpp:2213][GetPropIndex] Processing Attribute [Property = mail] [Trim Property = mail] [Separator = ^]][][][][][][][][] 

[SmDsUser.cpp:403][GetProp][Property 'mail' for user 'CN=joe10,CN=Users,DC=mysite,DC=com' found in cache][][][][][][][][] 

[SmActiveExpr.cpp:520][CSmActiveExprLibrary::GetActiveValue][[email protected]][][][][][][][][Leave function CSmActiveExprLibrary::GetActiveValue][][][][][][][][] 

 

- For TEST_MAIL="userattr=Mail"

[SmAuthUser.cpp:2213][GetPropIndex][Processing Attribute [Property = Mail] [Trim Property = Mail] [Separator = ^]][][][][][][][][] 

[SmDsUser.cpp:403][GetProp][Property 'Mail' for user 'CN=joe10,CN=Users,DC=mysite,DC=com' found in cache][][][][][][][][] 

[SmActiveExpr.cpp:520][CSmActiveExprLibrary::GetActiveValue][][][][][][][][][][][][][][][][][][][TEST_MAIL=][][][][][][][][Leave function CSmActiveExprLibrary::GetActiveValue][][][][][][][][] 

 

 

Environment

SSO Release 12.52 SP1 CR08 all platforms

Resolution

This Defect will be addressed within 12.52 SP1 CR09.

If you require a DEV fix for 12.52 SP1 CR08, please open a Case with CA support to get the DEV fix based on your platform.