Integration Of OBIEE With SiteMinder - "BaddCssChars" Parameter (Doc ID 1684031.1)

Last updated on JANUARY 31, 2017

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.6.12 and later
Information in this document applies to any platform.

Goal

When integrating with SiteMinder (while using version 6 and about to migrate to version 12), the value of the "BadCssChars" must be blank - as documented in "TechNote_SiteMinder_SSO_Via_WLS_Plugin-1.doc".  This makes the application vulnerable to Cross-Site Scripting (XSS).

Are there any plans to address this vulnerability in future releases?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms