Do we have any ACO parameter in the SiteMinder Policy Server where the Policy Server inspects all the target URLs / original target and allows requests only to a list of domains? In short, whitelisted domains which are allowed in the enterprise.
Ex: https://my.login.domain.com/login.jsp&Target=https://youtube.com.
We have to block this open redirection to URLs that are not whitelisted.
Yes, we do.
Help Prevent Attacks - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
To configure agents to help protect your resources from phishing attempts that could redirect users to a hostile website, set the following configuration parameter:
Specifies the domains to which a credential collector is allowed to redirect users. If the domain in the URL does not match the domains set in this parameter, the redirect is denied.
All advanced authentication schemes, including forms credential collectors (FCCs), support this parameter.
The ValidTargetDomain parameter identifies the valid domains for the target during processing. Before the user is redirected, the agent compares the values in the redirect URL against the domains in this parameter. Without this parameter, the agent redirects the user to targets in any domain.
The ValidTargetDomain parameter can include multiple values, one for each valid domain.
For local agent configurations, specify an entry, one entry per line, for each domain, for example:
Let me know if that solves your requirement?
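To make the check the answer describes concrete, here is an added Python illustration of what "compare the domain in the redirect URL against the configured valid domains" amounts to. It is not CA's agent code and does not reproduce the real ValidTargetDomain implementation; the entry format (".domain.com", matched as a domain suffix), the helper names and the sample URLs are assumptions constructed for this example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed stand-in for ValidTargetDomain entries (assumption: one entry per
# domain, written with a leading dot, matched as a domain suffix).
VALID_TARGET_DOMAINS = [".domain.com"]


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of it.

    A suffix match on the full label boundary ("." + entry) is used on purpose:
    a plain substring test would accept hosts such as domain.com.evil.example.
    """
    host = host.lower().rstrip(".")
    for entry in allowed:
        entry = entry.lower().lstrip(".")
        if host == entry or host.endswith("." + entry):
            return True
    return False


def target_allowed(target_url, allowed=VALID_TARGET_DOMAINS):
    """Decide whether a Target value may be used for a redirect."""
    parsed = urlparse(target_url)

    # Relative path on the same site: no scheme, no host. Reject "//host" and
    # "/\host" forms, which browsers treat as scheme-relative absolute URLs.
    if not parsed.scheme and not parsed.netloc:
        path = parsed.path
        return path.startswith("/") and not path.startswith(("//", "/\\"))

    # Anything that is not plain http(s) is denied (javascript:, data:, etc.).
    if parsed.scheme.lower() not in ("http", "https"):
        return False

    # .hostname already strips userinfo and port, so
    # "https://login.domain.com@evil.example/" is judged on evil.example.
    host = parsed.hostname
    return bool(host) and host_allowed(host, allowed)


def extract_target(login_url):
    """Pull the Target query parameter out of a credential-collector URL."""
    qs = parse_qs(urlparse(login_url).query)
    values = qs.get("Target") or qs.get("TARGET")
    return values[0] if values else None


def redirect_decision(login_url, allowed=VALID_TARGET_DOMAINS):
    """Return ("allow", target) or ("deny", target) for a login URL."""
    target = extract_target(login_url)
    if target is None:
        return ("deny", None)
    return ("allow" if target_allowed(target, allowed) else "deny", target)


if __name__ == "__main__":
    # Constructed sample: the questioner's case, with "?" before the query.
    for url in (
        "https://my.login.domain.com/login.jsp?Target=https://youtube.com",
        "https://my.login.domain.com/login.jsp?Target=https://intranet.domain.com/home",
    ):
        print(redirect_decision(url))
```

Two points in this check matter in practice: the domain comparison must be anchored at a label boundary rather than a substring test, and the host must be taken from the parsed URL after userinfo is removed, otherwise a Target that merely contains an allowed domain name somewhere in it would pass.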
Thanks for the quick response. Good to know that we have some of these covered already. Will work on these params and respond back.