My Oracle Support Banner

Integration Of OBIEE With SiteMinder - "BaddCssChars" Parameter (Doc ID 1684031.1)

Last updated on MAY 29, 2018

Applies to:

Business Intelligence Server Enterprise Edition - Version and later
Information in this document applies to any platform.


When integrating with SiteMinder (while using version 6 and about to migrate to version 12), the value of the "BadCssChars" must be blank - as documented in "TechNote_SiteMinder_SSO_Via_WLS_Plugin-1.doc".  This makes the application vulnerable to Cross-Site Scripting (XSS).

Are there any plans to address this vulnerability in future releases?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.