OIDC Provider Introspect Endpoint, strange data type is created
Article ID: 111723
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
When requesting to Introspection TokenEndpoint (/affwebservices/CASSO/oidc/introspect), CA Access Gateway response "active" parameter as string data type.
But "active" parameter is string data type, but according RFC 7662(https://tools.ietf.org/html/rfc7662) , data type of "active" parameter should be boolean.
But "active" parameter is string data type, but according RFC 7662(https://tools.ietf.org/html/rfc7662) , data type of "active" parameter should be boolean.
{"active":"true","clientId":"1776f765-64bd-4255-8945-8342472945c0","tokenType":"access_token","scope":"openid","sub":"CN=Mike Lott,CN=Users,DC=mydomain,DC=co,DC=jp","exp":"1533031215","iat":"1533027315","iss":"https://testhost.ca.com"}
Environment
Product Name=CA Access Gateway
FullVersion=12.80.0000.1761
Version=12.80
Update=0000
Build Number=1761
FullVersion=12.80.0000.1761
Version=12.80
Update=0000
Build Number=1761
Resolution
These issue is CA Access Gateway bug, and it will be fixed in 12.8.02.
Additional Information
Introspection Token Endpoint:
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/use-ca-single-sign-on-as-openid-connect-provider/authentication-using-authorization-code-flow#AuthenticationUsingAuthorizationCodeFlow-IntrospectionTokenEndpoint
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/use-ca-single-sign-on-as-openid-connect-provider/authentication-using-authorization-code-flow#AuthenticationUsingAuthorizationCodeFlow-IntrospectionTokenEndpoint
Feedback
Yes
No
Powered by
