We're running CA Access Gateway (SPS) and, when implementing
"Authorization Endpoint Returns URL Encoded Response", we see that
the response gets double encoded:
The CA Access Gateway (SPS) receives the authorization request as:
/affwebservices/myapp/oidc/authorize?SMASSERTIONREF=QUERY&response_type [...] &state=38271818-e3fe-4889-af3d-e2625cfee837%2COIDC
The CA Access Gateway (SPS) replies with:
/commonauth? [...] &state=38271818-e3fe-4889-af3d-e2625cfee837%252COIDC
The state value gets double URL-encoded:
state=38271818-e3fe-4889-af3d-e2625cfee837%252COIDC
Decoded ONCE: state=38271818-e3fe-4889-af3d-e2625cfee837%2COIDC
Decoded TWICE: state=38271818-e3fe-4889-af3d-e2625cfee837,OIDC
So the API gateway is not able to interpret this or to understand
that it needs to double-decode.
How can we fix this?
Upgrade the CA Access Gateway (SPS) to version 12.8SP3 or 14.
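
The symptom above can be checked by comparing the state sent to the authorize endpoint with the state in the redirect, for instance to confirm the behaviour before and after the upgrade. This is an added example, not CA Access Gateway code: the function names are hypothetical, and the sample URLs are constructed, with only the state values taken from the article.

```python
from urllib.parse import urlsplit, unquote

# Constructed samples: only the state values come from the article above;
# the other query parameters are placeholders.
REQUEST = ("/affwebservices/myapp/oidc/authorize?SMASSERTIONREF=QUERY"
           "&state=38271818-e3fe-4889-af3d-e2625cfee837%2COIDC")
DOUBLE = "/commonauth?code=PLACEHOLDER&state=38271818-e3fe-4889-af3d-e2625cfee837%252COIDC"
SINGLE = "/commonauth?code=PLACEHOLDER&state=38271818-e3fe-4889-af3d-e2625cfee837%2COIDC"

def raw_param(url, name):
    """Return the query parameter exactly as it appears on the wire, or None."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if unquote(key) == name:
            return value
    return None

def encoding_depth(raw, limit=5):
    """Return (number of decoding passes that changed the value, final value)."""
    depth = 0
    while depth < limit:
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw, depth = decoded, depth + 1
    return depth, raw

def check_state_round_trip(request_url, response_url):
    """Compare the state sent to /authorize with the state in the redirect."""
    sent = raw_param(request_url, "state")
    returned = raw_param(response_url, "state")
    if sent is None or returned is None:
        return "missing"
    sent_depth, sent_plain = encoding_depth(sent)
    returned_depth, returned_plain = encoding_depth(returned)
    if sent_plain != returned_plain:
        return "mismatch"        # a different value: the state check must fail
    if returned_depth > sent_depth:
        return "over-encoded"    # same value with extra encoding layer(s) added
    return "ok"

if __name__ == "__main__":
    print(check_state_round_trip(REQUEST, DOUBLE))
    print(check_state_round_trip(REQUEST, SINGLE))
```

Repeated decoding is used here only as a diagnostic: a state value that legitimately contains a literal `%` would be over-decoded. A client should decode the parameter exactly once before comparing it with the value it issued.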