When the SiteMinder Identity Provider Discovery Service receives a request for the common domain cookie, the request includes a query parameter named IPDTarget. An unauthorized user can place any URL in this query parameter and cause a redirection to a malicious site.
To protect the IPDTarget query parameter against attacks, there is a new configuration parameter named ValidFedTargetDomain, which lists all valid domains for your federated environment. When the IPD Service examines the IPDTarget query parameter, it obtains the domain of the URL specified by the query parameter. The IPD Service compares this domain to the list of domains specified for the ValidFedTargetDomain parameter to confirm it is a legitimate domain.
For more information, see the Federation Security Services Guide.
|
Copyright © 2012 CA.
All rights reserved.
|
|