Symantec Access Management

Expand all | Collapse all

Whitelisting Domains in Siteminder Policy Server

Jump to Best Answer
  • 1.  Whitelisting Domains in Siteminder Policy Server

    Posted 09-11-2017 09:29 PM

    Do we have any ACO Parameter in Siteminder Policy Server, where in the Policy Server Inspects all the  target URL/ Orinal Target  to allow requests from the list of Domains. In short whiteliested Domains which are allowed in the enterpirse.



    EX :


    We have to block this open redirection to URLs that are not white listed.


    Thank you


  • 2.  Re: Whitelisting Domains in Siteminder Policy Server
    Best Answer

    Posted 09-11-2017 09:32 PM

    Hi Navin,


    Yes, we do.


    Help Prevent Attacks - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 


    Define Valid Target Domains

    To configure agents to help protect your resources from phishing attempts that could redirect users to a hostile website, set the following configuration parameter:


    Specifies the domains to which a credential collector is allowed to redirect users. If the domain in the URL does not match the domains set in this parameter, the redirect is denied.

    Default: No.

    All advanced authentication schemes, including forms credential collectors (FCCs) support this parameter.

    The ValidTargetDomain parameter identifies the valid domains for the target during processing. Before the user is redirected, the agent compares the values in the redirect URL against the domains in this parameter. Without this parameter, the agent redirects the user to targets in any domain.

    The ValidTargetDomain parameter can include multiple values, one for each valid domain.

    For local agent configurations, specify an entry, one entry per line, for each domain, for example:



    Let me know if that solves your requirement ?




  • 3.  Re: Whitelisting Domains in Siteminder Policy Server

    Posted 09-11-2017 10:03 PM

    Hi Ujwol,


    Thanks for quick Response. Good to know that we  have some of these  covered already. Will work on these params and will respond back .