IBM Support

ISAM Appliance Reverse Proxy can apparently only decode URL Query Strings as UTF-8

Troubleshooting


Problem

Setting utf8-qstring-support-enabled = no on the ISAM Web Gateway Appliance will no longer work as it did on the software stack versions of TAM and ISAM

Symptom

Customers that are migrating from software stack versions of Tivoli Access Manager (TAM) or IBM Security Access Manager (ISAM) to the Web Gateway Appliance, and have been using the decode-query Stanza Entry in webseald.conf to enable URL Query String Validation, will find that they can no longer configure the ISAM Reverse Proxy to interpret URL Query Strings as any character mapping / codepage other than UTF-8 .

The utf8-qstring-support-enabled Stanza Entry will cause URL Query Strings to be interpreted as UTF-8, regardless of whether this Stanza Entry is set to yes, no, or auto.

The symptom that is seen is that when URL Query Strings are sent in requests to the Reverse Proxy, and the query uses characters that are outside the 7-bit ASCII range, these characters must be encoded as UTF-8. If they are encoded using a different character mapping / codepage, such as ISO-8859-1, they will either be interpreted as the wrong character, or they will not map to a valid character in UTF-8 and the Reverse Proxy will respond with an "HTTP Status 400 Bad Request" error.

The text entered into fields on Web Page Forms, and the related Stanza Entry utf8-form-support-enabled, are also affected in the same way.

[{"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Reverse Proxy","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0.0;8.0.1;9.0.0;9.0.1.0;9.0.2.0;9.0.3","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

More support for:
IBM Security Access Manager

Software version:
8.0.0, 8.0.1, 9.0.0, 9.0.1.0, 9.0.2.0, 9.0.3

Operating system(s):
Appliance

Document number:
298769

Modified date:
16 June 2018

UID

swg22009998

Manage My Notification Subscriptions