How to prevent the SMPORTALURL to be modified to an undesired site ?

Document ID:  TEC1854736
Last Modified Date:  08/02/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Single Sign-On

Releases

  • CA Single Sign-On:Release:12.52 SP1
  • CA Single Sign-On:Release:12.7

Components

  • SITEMINDER -WEB AGENT FOR APACHE:SMAPC
Question:

I'd like to validate the value of SMPORTALURL before the browser getting redirected to it. This is to prevent the request to be directed to a undesired site. How I can do it?

 

Answer:

  You can implement ACO parameter SecureURLs to make the SMPORTALURL not modificable. You can also take a look to a specific functionality to encrypt only the value of SMPORTALURL.

 

  There's a functionality to avoid the modification or the addition of an undesired value for that Parameter. You can encrypt the value of the SMPORTALURL. From documentation : 

 

  Specify if the single sign-on service must encrypt only the SMPORTALURL query parameter in Use Secure Authentication URL.

 

  An encrypted SMPORTALURL prevents a malicious user from modifying the

  value and redirecting authenticated users to a malicious website. The

  SMPORTALURL is appended to the Authentication URL before the browser

  redirects the user to establish a session. After the user is

  authenticated, the browser directs the user back to the destination

  specified in the SMPORTALURL query parameter.

 

  If you select this option, complete the following steps:

 

  Set the Authentication URL field to the following URL: 

 

  https://idp_server:port/affwebservices/secure/secureredirect 

 

  R12.7 Documentation

 

  This feature is available on Federation 12.7, and it's also available in Federation 12.52SP1CR06:

 

  00355124 00454067 DE159107 DE198549 SMPORTALURL query value can be

  manipulated as it does not get encrypted while redirecting to

  redirect.jsp

 

  Defects fixed in R12.52 SP1 CR06

 

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >