Authentication URL Open to Malicious Attacks (74278, 76976, 83114, 83117)

Symptom:

The SMPORTAL query parameter in the Authentication URL is subject to malicious modification when a user is redirected to be authenticated and establish a SiteMinder session.

STAR Issue: 17429022-01

Solution:

The new Use Secure URL feature lets you encrypt the SMPORTAL query parameter to prevent malicious attacks. For details about this feature, see the Federation Security Services Guide.