Ujwol Shrestha

SSO Web Agent r12.5 Defect Fixes History

Blog Post created by Ujwol Shrestha on Jul 6, 2016

R12.5 CR05


08/14/2015 Web Agent 12.5 CR05 contains fixes for the following tracking numbers:

Tracking # Problem description

---------- ---------------------

151777/160612 Web Agent is getting initialized even though the agent is not configured for the website.

55818/160827 Web Agent on IIS 7.5 continuously restarts after the second website is added to the web server.

143255/161324 Web Agent terminates abruptly while processing the OpenID response if the HTTP_OPENID_DISC cookie is unavailable in the response.

160822/161397 CSS Vulnerability in Siteminder Forms Templates.

54925/160500 Web Agent crashes intermittently on IIS when the authentication header exceeds 256 characters in length.

155958 Wrong SSL tags are placed in the web server configuration file during Web Agent configuration.


R12.5 CR04


11/11/2013 Web Agent 12.5 CR04 contains fixes for the following tracking numbers:

Tracking # Problem description

---------- -------------------

175588/171158/175911 A user is authenticated as the correct user with Integrated Windows Authentication.

176729/169984 The Web Agent now implements the idle timeout that is configured in the Realm for URLs that do not contain a resource (for example: http://server.example.com/protected/).

172785/158207 Integrated Windows Authentication now detects the real client IP in a Load Balancer environment.

177131 The FCC template files are fixed to address the "Insufficient Cross Frame Prevention" vulnerability that allows FCC pages to be accessed in a frame.

177762/153433 HTML encoding capability is added to FCC processing. A new ACO parameter named "fcchtmlencoding" is added to enable HTML encoding of all values inserted into FCC variables (noted by the syntax $$varname$$). For more information about "fcchtmlencoding", see the online documentation.
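The following is an added illustration, not code from the Web Agent or from the original post. It models the $$varname$$ substitution described for 177762/153433 and shows what HTML-encoding the inserted values changes in the rendered page; render_fcc, injects_markup, the template fragment and the sample values are all hypothetical and constructed for this example.

```python
import html
import re

# $$name$$ is the FCC variable syntax given in the release note above.
FCC_VAR = re.compile(r"\$\$(\w+)\$\$")


def render_fcc(template, values, html_encode):
    """Fill $$name$$ placeholders (hypothetical helper, not product code).

    html_encode=True models the behaviour the note attributes to
    fcchtmlencoding: every inserted value is HTML-encoded first.
    Unknown variable names render as an empty string.
    """
    def fill(match):
        raw = values.get(match.group(1), "")
        return html.escape(raw, quote=True) if html_encode else raw
    return FCC_VAR.sub(fill, template)


def injects_markup(template, rendered):
    """True if rendering added tags that the template itself did not contain."""
    return rendered.count("<") > template.count("<")


# Constructed form fragment and request values, not taken from a real .fcc file.
TEMPLATE = ('<input type="hidden" name="target" value="$$target$$">'
            '<p>Signing in as $$user$$</p>')
VALUES = {
    "target": '"><script>alert(1)</script>',   # attacker-influenced parameter
    "user": "O'Brien & Co",                    # legitimate value with special characters
}

if __name__ == "__main__":
    for flag in (False, True):
        out = render_fcc(TEMPLATE, VALUES, flag)
        print(f"html_encode={flag}: injects_markup={injects_markup(TEMPLATE, out)}")
        print("  " + out)
```

With encoding off, the target value closes the attribute and adds a script element to the page; with encoding on, the same value stays inside the attribute as inert text and the legitimate name still displays correctly.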


The following certifications are included in the Web Agent r12.5 CR4 release:

  1. Support for Web Agent (32 & 64-bit) with Apache 2.4 (32 & 64-bit) on RHEL 5, RHEL6, Solaris 10 SPARC, Solaris 10 (x86), AIX 6.1, and AIX 7.1.

  2. Support for Web Agent (64-bit) with Oracle HTTP Server 11g (64-bit) on Windows 2008 R2 and RHEL 6.

  3. Support for Web Agent (32 & 64-bit) on Windows 2008 SP2.

  4. Support for Web Agent (32 & 64-bit) with ASF Apache 2.2.x (32 & 64-bit) on AIX 7.1 (64-bit).

  5. Support for Web Agent (32-bit) with IHS 8.5 on Windows 2008 R2.


R12.5 CR03



6/9/2013 Web Agent 12.5 CR03 contains fixes for the following tracking numbers:

Tracking #      Problem description

----------          -------------------

172310          The Web Agent installer installs the required Microsoft VC runtime when the Windows 32-bit installer is used on 64-bit machines/operating systems.

171690          The Web Agent installer copies the templates and PWS.fcc files that are required for the smpwservicescgi


163689          The Web Agent configuration wizard configures IBM HTTP Server 8.0 successfully.


R12.5 CR02


1/24/2013 Web Agent 12.5 CR02 contains fixes for the following tracking numbers:

Tracking #    Problem description

----------        -------------------

163314        The Web Agent installer now properly copies the libxerces-c.so.21 library on the Solaris 10 (sparc) 64-bit platform.

148319/162047 If IIS 7.x is in integrated mode and ServletExec or Tomcat is the servlet container, resources will now be protected.

151871/162836 The Web browser no longer goes into an endless loop when the following criteria are met:

- Anonymous authentication scheme is configured.

- A cookie provider is configured.

150865/164629 Protection levels will now work with IIS 7 when ARR (Application Request Routing) is used. This fix introduces a new ACO parameter "EarlyCookieCommit". The new parameter defaults to "no", which means that cookies are set very late during the processing of the request.

149256/164630 The Web Agent is no longer susceptible to redirection to an external site after password confirmation. A recently added ACO parameter, BadTargetChars, has default values of /\ and /%09/ characters. If the TARGET field contains any characters specified in this parameter, the Web Agent blocks the request.

154373/164659 Kerberos authentication now works for users who have a large number of group memberships in a Windows Active Directory.

164700        The Web Agent installer can now register with a Policy Server that is configured for the FIPS-only communication mode.


R12.5 CR01


Product: SiteMinder Web Agent 12.5 CR01

10/26/2012      Web Agent 12.5 CR01 contains fixes for the following tracking numbers:

Tracking #      Problem description

----------             -------------------

160638      Web Agent now redirects to the WebAgent-OnAccept-Redirect URL when configured in an OnAuthAccept rule.

157086      Web Agent configuration wizard now finds the 32-bit version of the Apache 2.2.19 web server on the Windows Server 2008 R2 platform.

158356      Web Agent installer now updates the PATH environment variable with the 64-bit folder first in the order.