Error in Advanced Search Workflow Approvers: "A Potentially Dangerous Request.Form Value Was Detected" (4377799)

When using Advanced Search in a Workflow Approval in the Active Roles Web Interface for an approver registered with Password Manager, the following error is encountered:

A potentially dangerous Request.Form value was detected from the client

A similar Knowledge Base article addressing a different scenario has already been published. Please review the following for additional context: A potentially dangerous Request.Form value was detected from the client

This issue occurs due to improper handling of the Comment attribute on the User Object, which contains Password Manager encrypted data. The data is blocked by web security mechanisms such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) during GET/POST requests.

WORKAROUND

A temporary solution is to add a Deny Permission for the Active Roles Service Account on the Comment attribute of all users. Alternatively, you can specifically target the group of approvers:

1. Open Active Directory Users and Computers (ADUC).
2. Target the entire domain or the relevant Organizational Units (OUs) for service account to modify read permission (basically where the approver in an approval Workflow resides for example)
3. Add a Deny Read Permission for the comment attribute on the Active Roles service account.
4. Restart the Active Roles Administration Service host to apply the changes, and then test to confirm that the workaround is functioning as expected.

STATUS

Defect 471888 has been issued to fix this issue in the future release of the product.