000032533 - Images are missing in email notifications sent from RSA Archer 5.x due to SiteMinder configuration

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032533
Applies ToRSA Product Set: Archer

RSA Version/Condition: 5.x and higher

Platform: Windows
IssueImages are missing in email notifications and SiteMinder is used in the Archer environment.
CauseThis occurs due to SiteMinder configuration. SiteMinder allows you to list a set of character sequences that cannot be part of a URL request or CSS.
When Archer builds the URL path to the image, the forward slash is doubled (//) in some cases and SiteMinder may have blacklisted this .  
For example: '/Archer//company_files//50000//icons//ball_green.gif'
Another possible cause is SiteMinder has not excluded the /Archer/company_files path from requiring authentication.
Three directories that need to be excluded from SiteMinder: /Archer/api, /Archer/company_files, /Archer/ws.
In SiteMinder's authentication log report, the following may be logged or something similar:
URL contains BadCssChars.
URL contains invalid characters. Exiting with HTTP 500 server error '00-0002'.

For information on configuring SiteMinder check out Specify Bad URL Characters or Override the Default CSS Character Set.
Resolution
  1. Enable SiteMinder information logging to determine the characters it does not like. In this case, it will be the double slashes (//).
  2. Reproduce the issue.
  3. Check SiteMinder's authentication log report to determine if there is a bad URL or CSS character.
  4. Update the SiteMinder agent's configuration file for blacklisted characters and remove the one found in step 3.
  5. Confirm the issue no longer occurs.
The following is a snippet from a SiteMinder agent configuration.
 
NOTE: Your values may be different depending on your policies.
BadCssChars = <,>,;,',%22,(,),%00,%04,%08,%0A,%1B 
BadUrlChars = \,//,./,/.,/*,*.,~,%,%00-%1f,%7f-%ff,%

Attachments

    Outcomes