Symantec Access Management

Hi Folks,

I have a strange issue here and haven't had luck getting answer or help from CA Support so turning to good trusty CA Community for help.

This should be pretty straight forward but potentially be some kind of web agent bug because the agent is complaining of BAD CSS/URL character detected but these parameters are disabled in the ACO.

SMPS = r12.52 SP1 CR05 REHL

Apache web agent = r12.0 SP3 CR10 REHL

There are two ACO Parameters for CSS Checks.

BadCssChars=<Character List>.

CSSChecking=YES/NO.

If we set

#BadCssChars=<Character List>.

CSSChecking is not defined in ACO.

It means CSSChecking is enabled by default. And WebAgent will perform CSSChecking against an inbuilt hardcoded list even though BadCssChars is disabled.

Did we set CssChecking=NO, restart WebAgent and try?

The AgentLog show no CSSChecking value. Which means WebAgent would use "default' i.e. YES.

Reference : 

Help Prevent Attacks - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

Hubert,

You are absolutely correct!

I thought that if I "disable" the CSSchecking parameter with the "#" flag then that would disable CSSchecking, but apparently if I disable the parameter then it gets "enable" by default.  To resolve, I remove the "#" flag for this parameter and then gave it a value of "no" and this indeed disabled the CSSchecking.

Much thanks for the help and fast response!

Duc Tran.