Environment
- Access Manager 4.5.1
Situation
- After upgrading Access Manager to 4.5 SP1 iManager returns "HTTP Status 400 – Bad Request" while navigating to: Admin => Manage Roles and Tasks => Access Manager trying to edit the following options:
- Identity Servers
- Risk-based Policies
- Business to Consumer
- Code Promotion
Resolution
- This issue has been addressed to engineering in will be fixed with the next release
- You can apply the fix yourself by
- change into the "/var/opt/novell/iManager/nps/portal/modules/dm/skins/default/devices/default/" directory
- create a backup copy of the existing "GenericTask.jsp"
- modifying the "GenericTask.jsp" file by changing:
String location = request.getParameter("location");
// Fix for XSS - bug 1126954
location = InputSanitizer.getSanitizedStr(URLEncoder.encode(location, "UTF-8")
.replaceAll("%2F", "/")
.replaceAll("%3F", "?")
.replaceAll("%3D", "=")
.replaceAll("%26", "&"));
to:
<%
String location = request.getParameter("location");
// Fix for XSS - bug 1126954
location = InputSanitizer.getSanitizedStr(URLEncoder.encode(location, "UTF-8")
.replaceAll("%2F", "/")
.replaceAll("%3F", "?")
.replaceAll("%3D", "=")
.replaceAll("%26", "&")
.replaceAll("%25", "%")); - resstart the Access Manager Console server by running "/etc/init.d/novell-ac restart"