WebcenterSites Failed gateway redirect java.io.UnsupportedEncodingException: Redirect failed due to illegal URL http://192.168.0.100:7007/sites/wem/fatwire/wem/Welcome

Sometimes after installation and configuration of Webcenter Sites, when we try to log in, we get the 500 error with message:

javax.servlet.ServletException: Failed gateway redirect java.io.UnsupportedEncodingException: Redirect failed due to illegal URL http://172.31.129.214:7007/sites/wem/fatwire/wem/Welcome
 at com.fatwire.wem.sso.cas.filter.CASFilter.sendResponse(CASFilter.java:681)
 at com.fatwire.wem.sso.cas.filter.CASFilter.doFilter(CASFilter.java:598)
 at com.fatwire.wem.sso.SSOFilter.doFilter(SSOFilter.java:51)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
 at COM.FutureTense.Security.Common.ContentSecurityFilter.doFilter(ContentSecurityFilter.java:88)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
 at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:141)
 at java.security.AccessController.doPrivileged(Native Method)
 at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
 at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:649)
 at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:124)
 at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:232)
 at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
 at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:224)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3654)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3620)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
 at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:196)
 at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
 at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
 at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2423)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2280)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2258)
 at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1626)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1586)
 at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)
 at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
 at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
 at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
 at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
 at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:617)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:397)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)

To resolve this issue you should check, if ESAPI.properties file (in the {install directory}/bin directory) contains a line for Validator.Redirect. By default this line is set to: Validator.Redirect=^.*$

If it's all ok with ESAPI.properties file, in the next step you should verify Sites server stdout log to see from which location the ESAPI.properties file was read. The log can looks like:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Found in 'org.owasp.esapi.resources' directory: /oracle/fmw/wcportal/common/lib/ESAPI.properties
Loaded 'ESAPI.properties' properties file
SecurityConfiguration for Validator.ConfigurationFile not found in ESAPI.properties. Using default: validation.properties
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.

If the file is found before finding it in the classpath, remove that file, to make sure it is only found in the classpath (in the {install dir}/bin directory). When the valid log should looks like:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: /path/to/appserver/bin/ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
Not found in 'user.home' (C:\Users\sdasilv) directory: /home/myUser/esapi/ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader! 

Check the directories in the CS application's and appserver's classpath and make sure there is no other instance of ESAPI.properties elsewhere in the classpath.