AnsweredAssumed Answered

How to pass XSS validation of Site Minder Agent?

Question asked by dongngh on Jul 16, 2014
Latest reply on Jul 17, 2014 by dongngh

My customer use CA Site Minder for SSO. Site Minder Agent is installed in IIS, some request is stopped by Site Minder Agent and show a message "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags". I added "CSSChecking=no" in LocalConfig.conf then the request can pass through. But i think it's not recommended. Plz help me explain the true root cause of it and how to solve it? Thanks.

Outcomes