HCL Connections | Product Ideas Portal

Welcome to the HCL Connections Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by the HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events, please visit our HCL Connections page.

For Wikis page URI, encode the fragment identifier hash sign (#) to '%23' in order to avoid being blocked by SiteMinder

Computer Associates Siteminder still flags the # (hash sign) as an unsafe character in URLs for Internet.
Siteminder enforces this rule when passing URL: it blocks the wiki application.
The "#" is present in the vanilla wiki URI's query parameter portion (after the '?') for Connections.
This behavior seems to only occur with wikis.

example:

/wikis/home?lang=en-us#!/wiki/test wikis name

 

The URL is not constructed properly. To force safe web links, this # is blocked in the wiki application to conform to "Safe Rule for Internet".

When customer checked the network traffic with the web developer panel in IE and Chrome, he noticed that the browser never passes the fragment identifier (everything from the '#' and after)
to the server, as only the browser makes use of the fragment identifier.

Oddly, the vanilla login for Connections allows the fragment identifier to work, but the same process looped through SiteMinder breaks.

Either way, Connections is using 'unsafe characters' in its wiki URL construction.
This has been identified as bad practice, as documented in the IETF on URLs.

Computer Associates SiteMinder article https://comm.support.ca.com/kb/in-url-uri/kb000011822 references this issue.


See RFC1738, kb article includes resolution "# Character - This is considered as an Unsafe Character More about "unsafe" characters from RFC1738.

 

If the '#' fragment identifier is encoded to '%23', then SiteMinder does not block access and the wiki page is accessible.

 

ClearQuest case number (FEDCQ00000574) 
Submitter Name: HCL FEDERAL 
Submitter Email:  hclfederalsupport@hclgov.com 
Submitter Country: USA 
Ranking of priority: Medium 
Product Name:   Connections
  • Guest
  • Dec 13 2019
  • Needs Review
  • Attach files