|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle|
RSA Version/Condition: 7.1.1
|Issue||Starting in RSA Identity Governance & Lifecycle 7.1.1, custom JSP files may be uploaded to either a secured (private) area or an external (public) area. The external area is meant for JSP files that are needed prior to the user logging in such as a password reset action. It is recommended that all other JSP files be uploaded to the secured area. In the user interface, go to Admin > User Interface > Files tab > JSP Pages / External JSP Pages > Upload.|
In RSA Identity Governance & Lifecycle request forms, validation URIs that point to JSPs in the non-secured (external) area work as expected. However, if the validation URIs point to JSPs in the secured area, they fail to validate the input.
The example below illustrates this issue. A JSP file called numeric_validate.jsp has been created to validate that the input to a request form text field be a number. This JSP file has been uploaded to both the secure area and the external area. The request form text field has a validation URI that points to the JSP file. When the validation URI points to the JSP file uploaded to the external area, the validation occurs. When the validation URI points to the JSP file uploaded to the secure area, the validation fails.
Contents of the JSP file:
The JSP file has been uploaded to both the secure (JSP Pages) and external (External JSP Pages) areas:
A request form has been defined with a single text field.
Note that the text field has a validation URI defined that points to the JSP stored in the external area. This validation occurs correctly.
However, when the validation URI is modified to point to the JSP file stored in the secure area, the validation does not occur and the user is redirected to the home page.
|Cause||This is a known issue reported in engineering ticket ACM-98192.|
|Resolution||This issue is resolved in the following RSA Identity Governance & Lifecycle versions and/or patch levels:|