Symantec Access Management

  • Private Community

  • 1.  Unable to login from login.fcc if Password contains certain special characters

    Posted Apr 24, 2018 01:35 PM

    Hello All,

     

    We have not used any password policies in siteminder and in our directory we have a user whose password is "Pass%123" ,But when tried to login with this user it is showing invalid password even if proper password is provided ,also if password didn't contain special character "%" for Eg: "Pass@123", It is working fine as expected. So I believe somewhere password is getting encoded and certain special characters is getting changed and hence I'm getting invalid credentials ..Also inspected login.fcc and nowhere found any code related to encoding.

     

    Can someone Please explain how to make policy server to accept all special characters .



  • 2.  Re: Unable to login from login.fcc if Password contains certain special characters

    Broadcom Employee
    Posted Apr 24, 2018 04:21 PM

    It could be due to the encoding format from either login.fcc or webserver level.

     

    Are you using custom login.fcc file ? if yes, can you try with the OOTB file from webagent ? 

     

    Also capture the http/fiddler trace to check the value of SMENC parameter while posting the credentials.

     

    Regards

    Ashok



  • 3.  Re: Unable to login from login.fcc if Password contains certain special characters

    Posted Apr 25, 2018 03:17 AM

    Hi Ashok,

     

    Tried with OOTB file from web agent also ,Same issue persist there also, Also enabled trace logs , But didn't found anything useful.



  • 4.  Re: Unable to login from login.fcc if Password contains certain special characters

    Posted Apr 25, 2018 06:46 AM

    In the past we identified issues when we used certain type of special characters e.g $$ in password. You'd know we practically had $$ everywhere within the product.

     

    This to me see like a similar issue and would need Engineering intervention to see if % is a reserve word or is product code chopping something before or after or encoding %.

     

    You'd be better off raising a Support case as well. Just add this link in the Support and save you the hassle of explaining from ground zero. You'd need to provide fiddler trace, webagent.log, webagenttrace.log, smps.log, smaccess.log, smtracedefault.log and most important for now just use login.fcc to prove OOB doesn't work.



  • 5.  Re: Unable to login from login.fcc if Password contains certain special characters
    Best Answer

    Posted Apr 25, 2018 10:44 AM

    •urlencode(name)
    Replaced by the URL encoded value of the named variable.

    If you expect the additional attributes or the Password to contain special characters (" . & = + ? ; / : @ = , $ %), URL-encode each additional attribute value in the .fcc template file. The template uses US-ASCII encoding.

     

    more info:

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/authentication-schemes/configure-html-forms-authentication



  • 6.  Re: Unable to login from login.fcc if Password contains certain special characters

    Posted Apr 25, 2018 01:23 PM

    Hi Shawn,

    I also tried the same and it worked