Previous Topic: SAML 2.0 Error Message For SSO Service Too Detailed (74355, 83122)

Next Topic: Session Cookie is not Marked as Secure by the Assertion Cosumer Service (74449, 83124)

Authentication URL Open to Malicious Attacks (74278, 76976, 83114, 83117)

Symptom:

The SMPORTAL query parameter in the Authentication URL is subject to malicious modification when a user is redirected to be authenticated and establish a SiteMinder session.

STAR Issue: 17429022-01

Solution:

The SMPORTAL query parameter can now be encrypted to prevent malicious attacks by using the new Use Secure URL feature. For details about this feature, see the Federation Security Services Guide.


Copyright © 2010 CA. All rights reserved. Email CA about this topic