With SiteMinder Web Agent R12-SP2-CR01 and 6.0-SP6-CR01 -
If the user's password contains dollar character immediately followed by percentage character like- $% then the user is not authenticated by SiteMinder even if the password entered is correct and valid and FCC forms authentication scheme is used.
For example: If the Password entered is "$%" or "$%1334" then challenge manager exits and user does not gets authenticated.
NOTE: The issue only happens when the Dollar character is followed by percentage character.
The Issue does not occurs when
- If the password contains special character "%$".
- If the password contains special character "$12345%".
- Basic Authentication is working fine.
- R12 SP2 version of Web agent is working fine.
This issue is fixed in web agent version- R12-SP3 CR1 and 6.0 SP6-Rr2. The issue was due to incorrect decoding of special characters in the password.
After this fix; if the password contains $% then the user is correctly authenticated by SiteMinder.
These additional scenarios with different Characters in password will now work fine after the fix.