OBIEE 11g - GoURL With SiteMinder SSO Enabled - Error "Due To The Presence Of Characters Known To Be Used In Cross Site Scripting Attacks, Access Is Forbidden"
Last updated on MARCH 02, 2016
Applies to:Business Intelligence Suite Enterprise Edition - Version 188.8.131.52.5 and later
Information in this document applies to any platform.
- OBIEE with Siteminder
- You are setting an OBIEE Presentation variable through the GoURL.
- Siteminder is blocking the ' single quote character in the URL and sends an error: "Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags."
- Here is the problematic URL:
- The area causing the error is:
- &var2=dashboard.variables%5B'FMRID'%5D. The same happens when we encode the ' character as %27.
- Is there an alternate way to set a presentation variable in the goURL to resolve the issue? This happens in all versions of OBIEE.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms