Encrypt Query String Parameters in Redirection URLs

The followingparameter enables the Web Agent to encrypt all stmndr query parameters in a redirect URL:
casso1283
The followingparameter enables the Web Agent to encrypt all 
SiteMinder
 query parameters in a redirect URL:
SecureURLs
Specifies whether the Web Agent encrypts the 
SiteMinder
 query parameters in a redirect URL. You can use this setting to provide additional security for requested resources protected by an advanced authentication scheme, Password Services, or when a request invokes the Cookie Provider.
The Web Agent only encrypts data sent between
SiteMinder
components. The data sent for redirects to non-
SiteMinder
applications is not encrypted.
The following 
SiteMinder
 credential collectors and applications support the SecureUrls functionality:
  • HTML Forms authentication
  • Cert And Forms authentication
  • SSL Authentication
  • Cert or Forms authentication
  • NTLM authentication
  • ACE authentication
  • SafeWord authentication
  • User self registration
  • Multi-domain Single Sign-on with Cookie Provider
  • FCC-based Password Services (not CGI- or JSP-based)
Default:
 No
Follow these steps:
  1. Set the value of the SecureURLs parameter to yes.
  2. To encrypt query string parameters in redirection URLs within a single sign-on environment, ensure that all Web Agents in the single sign-on environment have the SecureURL parameter set to the same value.
  3. If you are using custom FCCs, add the smquerydata directive with the other FCC directives (such as TARGET) to the custom FCC.
    Query string parameters are encrypted in 
    SiteMinder
     redirection URLs.