When a Web Agent communicates with credential collectors, such as the FCC and SCC, the Password Services application (CGI or JSP), or a Cookie Provider, it uses protocol parameters that are shown in clear text in the redirection URL.
The Web Agent can now encrypt all SiteMinder query parameters in a redirect URL, further securing Agent interactions. The Web Agent only encrypts data sent between SiteMinder components; it does not encrypt data in redirects to non-SiteMinder applications.
When query string encryption is enabled, the Web Agent encrypts query data when it returns a 302 redirect response to the browser. The 302 response redirects the user to another SiteMinder resource.
All the query parameters are grouped into a single query parameter called smquerydata. When the SecureUrls parameter is enabled, SiteMinder denies access to any request that does not have an encrypted smquerydata parameter, where required.
The SecureUrls feature is not supported when any of the following parameters are enabled:
FCCCompatMode
Enables an FCC/NTC to serve up forms for resources protected by 4.x Web Agents or third-party applications.
Note: SMUSRMSG is supported for the custom authentication scheme only when FCCCompatMode is set to yes.
Default: (traditional agents) Yes
Default: (framework agents) No
Important! Setting this parameter to no removes support for version 4.x of the Netscape browser.
LegacyEncoding
Forces the Web Agent to replace any dollar sign ($) characters in legacy URLs with a hyphen (-). This also ensures backwards compatibility with MSR, Password Services, and DMS. When this parameter is set to no, a Web Agent converts the string $SM$ to -SM-. When this parameter is set to yes, the Web Agent does not convert the dollar sign ($) character.
Default: (Framework Agents) No
Default: (Traditional Agents) Yes
If the SecureUrls parameter is set to yes, the Web Agent ignores the values of the previous parameters, even if they are set to yes. When this happens, these parameters have a value of no in the Agent logs, regardless of their settings in the configuration object or configuration file, as shown in the following example:
[12/Jul/2005:05:23:57-975-1-0] SecureUrls: 'YES'
[12/Jul/2005:05:23:57-975-1-0] FccCompatMode: 'NO'
[12/Jul/2005:05:23:57-975-1-0] LegacyEncoding: 'NO'
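The following added example (not part of the product or its documentation) reads Agent log lines in the format shown above and reports where a configured value is being ignored because SecureUrls is enabled. The function names and the `configured` dictionary, which stands in for the values set in the configuration object or file, are assumptions made for illustration.

```python
import re

# Matches Agent log lines of the form shown above, for example:
#   [12/Jul/2005:05:23:57-975-1-0] SecureUrls: 'YES'
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<name>\w+):\s*'(?P<value>[^']*)'\s*$")

# Parameters the page says are ignored while SecureUrls is enabled.
OVERRIDDEN_BY_SECUREURLS = ("fcccompatmode", "legacyencoding")


def effective_settings(log_text):
    """Return {lower-cased parameter name: upper-cased value}; the last entry wins."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m.group("name").lower()] = m.group("value").upper()
    return settings


def audit(log_text, configured):
    """Compare logged (effective) values with the caller-supplied configured ones."""
    effective = effective_settings(log_text)
    conf = {k.lower(): v.upper() for k, v in configured.items()}
    if effective.get("secureurls") != "YES":
        return ["SecureUrls is not logged as YES: redirect query data is sent in clear text"]
    findings = []
    for name in OVERRIDDEN_BY_SECUREURLS:
        if conf.get(name) == "YES" and effective.get(name) == "NO":
            findings.append(f"{name}: configured YES, effective NO (ignored because SecureUrls is YES)")
        elif effective.get(name) == "YES":
            findings.append(f"{name}: logged YES while SecureUrls is YES (unexpected)")
    return findings


# Constructed sample input, in the log format shown above.
SAMPLE_LOG = """\
[12/Jul/2005:05:23:57-975-1-0] SecureUrls: 'YES'
[12/Jul/2005:05:23:57-975-1-0] FccCompatMode: 'NO'
[12/Jul/2005:05:23:57-975-1-0] LegacyEncoding: 'NO'
"""

if __name__ == "__main__":
    # Hypothetical configured values: FCCCompatMode was set to yes by an administrator.
    for finding in audit(SAMPLE_LOG, {"FCCCompatMode": "yes", "LegacyEncoding": "no"}):
        print(finding)
```

Parameter names are compared case-insensitively because the log prints FccCompatMode while the parameter is written FCCCompatMode elsewhere on the page.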
Copyright © 2010 CA. All rights reserved.