Ujwol Shrestha

SSO Web Agent r12.52 Defect Fixes History

Blog Post created by Ujwol Shrestha Employee on Jul 6, 2016

R12.52 SP1 CR07


The following issues were fixed in Web Agent:

Salesforce Case NumberInternal Defect IDIssue Description
00692205DE280513Web agent crashes when the machines use IPV6 addresses.


R12.52 SP1 CR06



Salesforce Case NumberInternal Defect IDIssue Description





Web Agent End URL is not redirecting using HTTPS but instead it was redirecting to HTTP.



Post preservation flow is not working and it is throwing HTTP 500 error for webserver when content compression is enabled for text/html type for Oracle iPlanet webserver.



login.sfcc goes into infinite redirect loop when resource is protected using X509 Cert or forms authentication scheme and the resource is accessed from the browser.



Before authentication, Policy Server trims trailing spaces or carriage returns whenever username contains these characters but SMUSER header contains username with carriage return characters.



In WebAgent Trace, ResponseTime is not logged in milliseconds.



Password change form is not being displayed for German locale.



Browser throws HTTP 502.3 error when trying to access the URL behind IIS+ARR and that URL contains non-standard ASCII characters.



APS libraries are missing in Solaris 64-bit Web Agent.

00303302DE138108Service Provider fails with “java.lang.NullPointerException” while consuming an IDP generated assertion with the SP feature SingleAssertionUsage option is enabled.

Web Agent is not failing back to the first Policy Server and requests are not processed successfully when starting the first Policy Server.


CA Access Gateway is vulnerable to an XXE injection attack and able to retrieve confidential data and access sensitive files on the server, for example the "passwd" file.

00511425DE232200Agent crashes the web server when you access FCC page for impersonation flow.



R12.52 SP1 CR05



Salesforce Case NumberInternal Defect IDIssue Description
22000073-01DE65940The SAML 1.1 default target configuration is inconsistent in FSS UI and Administrative UI.
00085491DE72409The WebAgent-OnAccept-Redirect response fails to work for POST requests when the ACO uses LegacyCookieProvider and CookieProvider.
00146918DE74047The LLAWP Process shutdown delays if the  default value of RequestTimeout value is changed in HCO.
00176713DE75598Web Agent Option Pack fails to honor the SSOTrustedZone parameter.
00075954DE78997When LegacyCookieProvider is set to YES, the PUT and HEAD methods are converted to GET after redirection to cookie provider.
00061182DE82998The TargetAsRelativeURI ACO parameter fails to evaluate response URIs.
00061182DE83176The TargetAsRelativeURI ACO parameter evaluates the OnAuthAccept response URI.
00219262DE92856The Multivalued HTTP headers are not displayed for Apache webserver when PreserverHeaders is set to YES.
00186932DE100675Web Agent displays  the “Bad or missing context 'SESSION struct'” error for a valid condition.
00250498DE103898The Forward proxy fails to work with Web Agent deployed on Apache 2.4.x, resulting in the 500 server error.
00248797DE130894Web Agent throws the following error when the client makes a call with empty host header using the HTTP/1.1 protocol: “Unable to resolve server host name. Exiting with HTTP 500 server error '10-0004'.
00220954DE137855AuthnRequest sent by HTTP POST binding does not contain the the Destination attribute.
00220523DE138229The Web Agent configuration wizard fails to detect the Oracle HTTP Server instance when it is installed outside of ORACLE_HOME.
00226217DE138412SAML2.0 Response signing throws an exception if no assertion is found in the SAML Response.
21907654DE138955If a request includes an IP address that is unresolved, access to the application fails though the request through a proxy server to the same application is successful.
00118306DE139891The password change reason is not passed to Change Password form during POST.
00261138DE144425Federation web services fail to validate the URL passed in the wreply query parameter and may redirect the user to a phishing website.
00037176DE156074The SAML 2.0 SLO with SOAP binding fails with the 500 server error if the SS_EXPIRYDATA5 file is changed.
00349861DE158102The ISAPI filter for 64-bit web agent is missing in IIS Manager after the agent upgrade.
00195376DE66836The functionality of Flush All overrides the rollover configuration defined in LoggerConfig.properties, and rolls the Web Agent Option Pack logs.
00173114DE72556The time unit in SmPortal.cfg is incorrectly represented in milliseconds.
00095363DE99753The Apache Web Agent causes high CPU usage.
00190162DE100770The web agent configuration wizard fails to update the opmn.xml with Oracle HTTP Server 11g.
00149984DE109460If CSSErrorFile is set to a local file path, Web Agent appends extra text strings to the error page.
0009305DE109479Apache webserver fails to start and determine the path to the .properties file when web agent is enabled.


R12.52 SP1 CR04


Product: CA SiteMinder Web Agent 12.52 SP01 CR04

December 30, 2015      CA SiteMinder Web Agent 12.52 SP01 CR04 contains fixes for the following tracking numbers:

Tracking #             Problem description

----------                 -------------------

RTC 168683 / DE94552   CA SiteMinder agents do not support auto authorization.

RTC 161418 / DE86190   The installer displays a misleading error message when incorrect host registration credentials are provided.

RTC 155671 / DE78890   Web Agent reports the HTTP 500 Server error when the Cookie Provider is not defined.

RTC 153157 / DE104171  Web Agent displays the HTTP 500 Server error when  a URL ending with .sac extension is accessed.

RTC 163694 / DE111843  HTTP Response of BadCSSCharsFound contains incorrect HTML data.

RTC 161317 / DE86714   Web agent crashes if the HTTP_OPENID_DISC cookie is not present in headers for the OpenID authentication provider.

RTC 141833 / DE79301   Duplicate ICU shared library files are present in  the ICU third-party folder.

RTC 160850 / DE102716  The Impersonation flow fails when the FCC Compat mode is set to YES.

RTC 162925 / DE74697   The SMUSRMSG cookie appears even after  successful authentication.

RTC 157785 / DE106171  The Windows Step-up Authentication challenges user with the NTLM dialog with an access denied error.

RTC 151777 / DE84661   Web Agent initializes though an agent is not configured to a website.

RTC 162301 / DE74396   The SMIDENTITY cookie gets deleted on log out.

RTC 162681 / DE73068   The Web Agent configuration wizard does not add the SSLClientAuth directive for any x509    authentication scheme.

RTC 142415 / DE66081   The Windows PATH variable appends duplicate values after reinstalling Web Agent.

RTC 137831/137834 /    The web agent vulnerability in SMAUTHREASON with

DE72676/DE72835        non-numeric data is exposed to JSP/JavaScript attack.

RTC 137739/156919 /    The SunOne WebAgent terminates abruptly when

DE72506/DE66473        a large URL ends with the '%' character.


R12.52 SP1 CR03


September 21, 2015 SiteMinder Web Agent 12.52 SP01 CR03 contains fixes for the following tracking numbers:

Tracking # Problem description

----------       -------------------

161399 CSS Vulnerability (When URL contains % character at the end, Webagent is sending junk characters in response) in Siteminder forms templates (For non-agent framework).


R12.52 SP1 CR02


July 17, 2015 SiteMinder Web Agent 12.52 SP01 CR02 contains fixes for the following tracking numbers:

Tracking # Problem description

---------- -------------------

53246/154235 After enabling the Web Agent, names.nsf and WebAgent logs are not displayed properly.

150033 Apache child process terminates abnormally.

71834 Agent on IIS 7.5 continuously restarts after second web site is added to the web server.

142331 SAMLDataPlugin fails to accept the UseSecureCookies ACO parameter for Web Agent on the target application of  Service Provider.

46137 Web Agent configuration on RedHat 7 for Rehat Apache does not place the SSL tags in ssl.conf

124667 HTTP headers using methods other than OPTIONS and HEAD are not auto authorized.

153984 Configuration wizard is corrupting iPlanet server.xml

149188 When threshold percentage is set to more than 50%, web agent connections fail to connect to all the policy  servers in the cluster. The following error occurs:

Unable to load SiteMinder agent configuration object. Check that you are using the right agent configuration object and that it exists in your policy server.

145807 The URL access request blocks when you access a URL which contains %c0%af with isAllowUTF8NonCanonical flag set to no in ACO.

141054/158053 Web agent does not recognize semi colon as a parameter delimiter.

155275 Upgrade CAPKI to version 4.3.8


R12.52 SP1 CR01


February 13, 2015 SiteMinder Web Agent 12.52 SP01 CR01 contains fixe for the following tracking numbers:

Tracking # Problem description

----------      ---------------------------

137092 Cookie-domain functionality fails when you enable the smconnector at Service Provider side.

64778 Web Agent support for Apache 2.4 on Windows 2008 R2.

126082 SOA Security Manager uses basic credentials when there is no SOAP body in request for the resources that are protected with WS-Security AuthScheme.

119501 Agent fails to display log messages when you configure Domino Agent on IBM AIX.

70656 IIS w3wp process terminates intermittently under heavy load.

121054 IIS w3wp terminates abruptly and creates multiple log files in a shorter duration.

85711 Web Agent support for Apache graceful restart on LINUX.

98537 Agent forces re-authentication in a Multi-Domain SSO environment, when both the MASTER domain cookies expire.


R12.52 CR01


March 4, 2014 SiteMinder Web Agent 12.52 CR01 contains fixes for the following tracking numbers:

Tracking # Problem description

---------- -------------------

This component is not released as part of 12.52 CR01.