search cancel

OIDC Provider Introspect Endpoint, strange data type is created

book

Article ID: 111723

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

When requesting to Introspection TokenEndpoint (/affwebservices/CASSO/oidc/introspect), CA Access Gateway response "active" parameter as string data type.
But  "active" parameter is string data type, but according RFC 7662(https://tools.ietf.org/html/rfc7662) , data type of "active" parameter should be boolean.
 
{"active":"true","clientId":"1776f765-64bd-4255-8945-8342472945c0","tokenType":"access_token","scope":"openid","sub":"CN=Mike Lott,CN=Users,DC=mydomain,DC=co,DC=jp","exp":"1533031215","iat":"1533027315","iss":"https://testhost.ca.com"}
 
 

Environment

Product Name=CA Access Gateway
FullVersion=12.80.0000.1761
Version=12.80
Update=0000
Build Number=1761

Resolution

These issue is CA Access Gateway bug, and it will be fixed in 12.8.02.

Additional Information

Introspection Token Endpoint:
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/use-ca-single-sign-on-as-openid-connect-provider/authentication-using-authorization-code-flow#AuthenticationUsingAuthorizationCodeFlow-IntrospectionTokenEndpoint