Symantec Access Management

 View Only
  • 1.  Siteminder issue with BookMarked URL

    Posted Oct 01, 2015 11:25 AM


    Some of our customers are using book marked URL to access our application. After successful authentication, those customers are getting 500 error or internal server error. We know that it is due to the book mark contains encrypted agent name and after key-rollover this agent name becomes invalid. Please let me know how to fix this issue?

  • 2.  Re: Siteminder issue with BookMarked URL

    Posted Oct 01, 2015 04:11 PM

    Rahul rahulk.s


    One solution is educate the customer which URLs to bookmark. They should not be bookmarking the Login Page. They should be bookmarking the TARGET URL only. This behavior occurs when Customer bookmark the Login Page because at times that is the first page that they see. They never see the redirection that occurred and the query parameters that get appended.


    The other solution is change the Login Journey OR URL, such that the initial page is not a redirect. Example an unprotected Landing Page with a login widget OR a login link. This way the Users bookmark the Unprotected landing page, which would be a static application page URL.






  • 3.  RE: Re: Siteminder issue with BookMarked URL

    Posted May 23, 2021 07:22 PM

    I know this is a old thread but were you able to fix the issue with bookmarked URL? I have upgraded the siteminder and users have bookmarked the complete URL and they are getting Error 500- Internal Server Error.


  • 4.  RE: Re: Siteminder issue with BookMarked URL

    Broadcom Employee
    Posted May 24, 2021 10:00 PM

    Hi Shagun,

    This is one of several reasons that many customers use an active page (.jsp, .aspx) for their login page rather than .fcc or .html (the login page will post the creds to a .fcc page).  An active login page can have custom code to detect conditions such as request from a bookmark versus redirection (I'm assuming the bookmarked request would have no Referrer header, but there are likely other ways to detect such a request.

    I hope this helps.