Question

In my application code I am using this kind of URL to redirect the user from one page to another page: http://myhost:8001/myapp/list.jsp?name=abc'd&age=10 Here name is a dynamic field which the user can edit on the first page, and it can contain a single quote.

Now the problem is that when I use SiteMinder for authentication, each and every URL gets passed through it. SiteMinder treats this single quote as an attempted attack, blocks the URL and takes the user to an access-blocked page.

How can I resolve this issue?


Solution

I don't think that URI encoding will work -- SiteMinder is smart enough to figure that out. Try some other kind of encoding, like base64, or just replace apostrophes with something else and then replace it back on the server side. Alternatively you can disable the BadCSSChar checking for the apostrophe in the SiteMinder agent configuration. Just beware that you may be opening your site up to XSS attacks, and your application must be responsible for checking any user-supplied strings before displaying them on a web page.

OTHER TIPS

Try URI encoding the single quote with %27.

If you have code running at both ends, you can send mySingleQuoteToken and your code at the far end can detect that and replace it with a '.

Pre-processing on sending side - before calling java.net.URLEncoder:

String url_new = url_old.replaceAll("'", "mySingleQuoteToken"); // swap the apostrophe for the token before URL-encoding

Post-processing on receiving side - after calling java.net.URLDecoder:

String url_new = url_old.replaceAll("mySingleQuoteToken", "'"); // restore the apostrophe after URL-decoding
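The token swap from this answer and the base64 alternative from the accepted solution, carried through as a round trip on both sides. This is an added example, not code from either answer; it assumes Java 10 or later (for the Charset overloads of URLEncoder/URLDecoder), and the class and method names are mine.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class QuoteSafeParam {
    // Assumed sentinel: restoring it is ambiguous if real input can contain it.
    private static final String TOKEN = "mySingleQuoteToken";

    // Sending side: swap the apostrophe out before URL-encoding, so neither a raw '
    // nor a %27 (which the agent decodes before inspecting) appears in the URL.
    static String encodeWithToken(String raw) {
        return URLEncoder.encode(raw.replace("'", TOKEN), StandardCharsets.UTF_8);
    }

    // Receiving side: URL-decode first, then restore the apostrophe.
    static String decodeWithToken(String encoded) {
        return URLDecoder.decode(encoded, StandardCharsets.UTF_8).replace(TOKEN, "'");
    }

    // Alternative from the accepted answer: URL-safe Base64 carries any input through
    // the query string using only [A-Za-z0-9_-], so no per-character token is needed.
    static String encodeBase64(String raw) {
        return Base64.getUrlEncoder().withoutPadding()
                     .encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    static String decodeBase64(String encoded) {
        return new String(Base64.getUrlDecoder().decode(encoded), StandardCharsets.UTF_8);
    }

    // Either way the decoded value is still untrusted: escape it before it goes into HTML.
    static String htmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        String name = "abc'd"; // the value from the question
        String base = "http://myhost:8001/myapp/list.jsp?name=";
        System.out.println(base + encodeWithToken(name) + "&age=10");
        System.out.println(base + encodeBase64(name) + "&age=10");
        // Both round trips must give the original value back on the server side.
        System.out.println(decodeWithToken(encodeWithToken(name)).equals(name));
        System.out.println(decodeBase64(encodeBase64(name)).equals(name));
        System.out.println(htmlEscape(decodeBase64(encodeBase64(name))));
    }
}
```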

The steps below should help you solve the problem.

  1. Enclose the fields name and age inside an HTML form.
  2. Specify the URL without query parameters using the action attribute.
  3. Specify the method as POST using the method attribute.
  4. Specify the enctype as application/x-www-form-urlencoded using the enctype attribute.
  5. Enter the values and submit the form.

    <form action="/myapp/list.jsp" method="post" enctype="application/x-www-form-urlencoded">
      <input type="text" id="name" name="name" value=""/>
      <br/>
      <input type="text" id="age" name="age" value=""/>
      <br/>
      <input type="submit"/>
    </form>

Licensed under: CC-BY-SA with attribution