Passwords containing "$%" will now work correctly with FCC forms authentication.

Document ID : KB000050879
Last Modified Date : 14/02/2018
Description:

With SiteMinder Web Agent R12-SP2-CR01 and 6.0-SP6-CR01:
If the user's password contains a dollar character immediately followed by a percentage character ($%), the user is not authenticated by SiteMinder when the FCC forms authentication scheme is used, even if the password entered is correct and valid.

For example: if the password entered is "$%" or "$%1334", the challenge manager exits and the user is not authenticated.

NOTE: The issue only happens when the dollar character is followed by the percentage character.

The issue does not occur in the following cases:

  1. The password contains the special characters "%$".
  2. The password contains the special characters "$12345%".
  3. Basic authentication works correctly.
  4. The R12 SP2 version of the Web Agent works correctly.

Solution:

This issue is fixed in Web Agent versions R12-SP3 CR1 and 6.0 SP6-Rr2. The issue was due to incorrect decoding of special characters in the password.

After this fix, if the password contains $%, the user is correctly authenticated by SiteMinder.

Passwords containing the following additional character combinations also work correctly after the fix:

  1. $$
  2. $%
  3. $=
  4. -=
  5. -%
  6. -$