Symantec Access Management

We have a custom auth scheme implemented which needs to redirect (302) to the TARGET URL including all original parameters and an additional flow parameter - as part of multi-factor authentication.  We need SecureURLs turned on, for XSS protection, yet we need a way to read the original parameters and the additional param on the client. 

So we need a way to either decrypt SMQUERYDATA on the client, or to bypass SecureURLs on this custom scheme.  Are either of those options possible?

Can we call $$smdecode(smquerydata)$$ inside the .fcc to achieve this?  So far this hasn't actually decrypted at all.

Thanks, Craig

craig-snyders:

We have a custom auth scheme implemented which needs to redirect (302) to the TARGET URL including all original parameters and an additional flow parameter - as part of multi-factor authentication.  We need SecureURLs turned on, for XSS protection, yet we need a way to read the original parameters and the additional param on the client. 

So we need a way to either decrypt SMQUERYDATA on the client, or to bypass SecureURLs on this custom scheme.  Are either of those options possible?

Can we call $$smdecode(smquerydata)$$ inside the .fcc to achieve this?  So far this hasn't actually decrypted at all.

Thanks, Craig

Hi All,

Any thoughts here for Craig?

Thanks!

Chris

Hi Craig,

Please refer below links for more details on the use case.

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1940292.html 

Custom Login Page 

Thanks,

Sharan

You asked :

• So we need a way to either decrypt SMQUERYDATA on the client, or to bypass SecureURLs on this custom scheme.  Are either of those options possible?

        Ujwol => No , neither of those options are possible.

• Can we call $$smdecode(smquerydata)$$ inside the .fcc to achieve this?

        Ujwol => You can but, that will only decode it. It's still encrypted. It can't be decrypted.