Symantec Access Management

Tech Tip: CA Single Sign-On: Web Agent redirects to a URL that is not part of the valid target domain

Sep 17, 2018 07:18 AM

Issue

 

We have configured the SiteMinder ValidTargetDomain parameter as .abc.com, which should block redirects to any website outside .abc.com.

However, we observe that the agent does not block a target URL that is outside the configured valid target domain, and the requests are forwarded to that target URL.

We tested by accessing "https://abc.com/login/logoff.fcc?TARGET=https://firewall.com", and observed that the agent redirects to firewall.com instead of blocking the request.

 

How can we configure SiteMinder to reject this request?

 


Cause


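The agent's ignoreext ACO parameter was set as follows:

ignoreext='.class,.fcc,.scc,.sfcc,.ccc,.ntc,.css,.dll,.properties,.unauth'

A Fiddler trace showed that the request was not processed by the Web Agent, because the agent was configured to ignore the .fcc extension. As a result, the ValidTargetDomain check was never applied to the request.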

 


Resolution


Remove the .fcc extension from the ignoreext ACO parameter, and then restart the Web Agent.
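
The Python sketch below is an added example, not code from CA or from this article. It models why the test URL above slipped past ValidTargetDomain and how the result changes once .fcc is removed from ignoreext. The name='value' settings text, the function names and the suffix-matching rule for ValidTargetDomain are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Constructed settings text; the ignoreext value is the one quoted in this article.
SAMPLE = """validtargetdomain='.abc.com'
ignoreext='.class,.fcc,.scc,.sfcc,.ccc,.ntc,.css,.dll,.properties,.unauth'
"""

def parse_settings(text):
    """Return {lowercased name: [values]} from name='v1,v2' lines."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or line.lstrip().startswith("#"):
            continue
        values = [v.strip().lower() for v in value.strip().strip("'\"").split(",")]
        settings.setdefault(name.strip().lower(), []).extend(v for v in values if v)
    return settings

def target_in_domain(target, domains):
    """Assumed model: the TARGET host must equal or sit under a listed domain.
    A TARGET with no recognisable host is treated as outside (conservative)."""
    host = (urlsplit(target).hostname or "").lower()
    if not host:
        return False
    return any(("." + host).endswith("." + d.lstrip(".")) for d in domains)

def audit(settings, request_url):
    """Explain how the agent settings apply to one request URL."""
    parts = urlsplit(request_url)
    ext = posixpath.splitext(parts.path)[1].lower()
    target = parse_qs(parts.query).get("TARGET", [""])[0]
    domains = settings.get("validtargetdomain", [])
    # An ignored extension means the agent never inspects the request at all.
    if ext in settings.get("ignoreext", []):
        return f"UNPROTECTED: {ext} is in ignoreext, so ValidTargetDomain is never applied"
    if not domains:
        return "UNPROTECTED: ValidTargetDomain is not set"
    if target and not target_in_domain(target, domains):
        return f"BLOCK: TARGET {target} is outside {domains}"
    return "ALLOW"

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE)
    print(audit(cfg, "https://abc.com/login/logoff.fcc?TARGET=https://firewall.com"))
```

Running the same audit against each agent's settings before and after the change confirms that no credential collector extension in use is still listed in ignoreext.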

 

 

KD : KB000115119
