Symantec Access Management

  • 1.  [SSO] Encoding TARGET

    Posted Aug 20, 2017 10:53 PM

    Hi

     

    When I set the TARGET=http://sso.acme.vm/index.html then it redirects to http://sso.acme.vm/index.html which is expected.

     

    When I set the TARGET=http://dev-sso.acme.vm/index.html then it redirects to http://devsso.acme.vm/index.html. The dash '-' is missing in the FQDN.

     

    When I set the TARGET=http://dev--sso.acme.vm/index.html (double dash) then it redirects to http://dev-sso.acme.vm/index.html (single dash). 

     

    If i follow this thread: How the SiteMinder Webagent encode & decode URLs  it doesn't say anything about single dashes being removed.

     

    This if for LEGACY encoding=false.

     

    How should it be encoded properly? 

     

    Cheers

    -huy



  • 2.  Re: [SSO] Encoding TARGET
    Best Answer

    Posted Aug 21, 2017 02:26 AM

    Hi, Huy.

     

    It appears you are manually generating a TARGET url.

    If you did access http://dev-sso.acme.vm/index.html where the server has a dash/hyphen in it, then the Agent that is protecting that server would have encoded it as below.

     

    TARGET=-SM-http%3a%2f%2fdev--sso%2eacme%2evm%2findex%2ehtml

     

    It is an expected behavior that your TARGET=http%3a%2f%2fdev-sso%2eacme%2evm%2findex%2ehtml (note: only 1 hyphen) would redirect to http://devsso.acme.vm/index.html (note: no hyphen in the servername) because the agent would have removed its encoding character.

     

    It would be safer approach to see how the target agent would construct the TARGET when redirecting to the login page and determine what should be the value of the TARGET.

     

    Regards,

    Kim



  • 3.  Re: [SSO] Encoding TARGET

    Posted Aug 21, 2017 07:14 PM

    Thank Kim

     

    Yes definitely manually setting it. The plan is to use what the Agent generates eventually. Due to the use of X509 PWP module there is a double redirect thus making it more confusing what it sets.

     

    I guess my point is I don't see it documented anywhere that the agent will remove single hyphen.

     

    Cheers

    -huy



  • 4.  Re: [SSO] Encoding TARGET

    Posted Aug 23, 2017 02:56 AM

    Given that hyphen  is being used as delimiter character I think it was considered self explanatory that it would remove single hyphen. But, I agree it would be better to have that mentioned explicitly.



  • 5.  Re: [SSO] Encoding TARGET

    Posted Aug 24, 2017 03:20 AM

    I remember a tech note from support around encoding the target URL, along with some Javascript encoding and decoding functions. Will look it up later.



  • 6.  Re: [SSO] Encoding TARGET

    Posted Aug 29, 2017 03:04 PM

    Found the tech note, TEC555131, but no JavaScript