SiteMinder is configured as an OIDC authorization provider, with a client configured for the Authorization Code grant flow.
When a request is made to the /authorization endpoint, the user successfully obtains the code at the configured redirect_uri (a GET request in the browser, after a successful user challenge/authentication).
After that, when the user sends a POST to the /token endpoint, the login page configured for our authentication scheme is loaded.
Is the SMSESSION cookie supposed to be added to the POST request?
Are any other cookies required in this request?
Are there any sample request/response formats for this use case?
Release : 12.8.xx (Applicable to all the supported releases)
Component : FEDMA : SiteMinder Federation(Federation Manager)
In the POST request, the SMSESSION cookie is not required.
However, the user must provide the authorization code in the request. Without it, the following error is returned:
{
"error": "invalid_request",
"error_description": "Specify authorization_code as grant_type."
}
The POST request should have the following headers:
content_type=application/x-www-form-urlencoded
basic_auth=(null)
bearer_token=(null)
ssl_validate_server=0
timeout=60
outgoing_proxy=(null)
pass_cookies=0
ssl_cert=(null)
ssl_key=(null)
referer: https://refererURL/
POST data, something like this:
grant_type=authorization_code
code=<encrypted data>
redirect_uri=https%3A%2F%2Fexample.com%2Fprotected%2Fredirect
state=####
client_id=####
client_secret=####
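The token request described above, as an added Python example (not from the original article or from the product): it builds the form-encoded POST without cookies and checks it before sending. The function names, the token URL and all sample values are assumptions made for illustration.

```python
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

FORM = "application/x-www-form-urlencoded"
REQUIRED = ("grant_type", "code", "redirect_uri", "client_id", "client_secret")

def build_token_request(token_url, code, redirect_uri, client_id, client_secret):
    """Build the back-channel POST to the /token endpoint; nothing is sent here."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # urlencode percent-encodes this value
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    # No Cookie header: the authorization code, not SMSESSION, carries the grant.
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": FORM})

def preflight(req, registered_redirect_uri):
    """Return a list of problems found in a token request before it is sent."""
    problems = []
    if req.get_method() != "POST":
        problems.append("method must be POST")
    if req.get_header("Content-type") != FORM:
        problems.append("Content-Type must be " + FORM)
    if req.has_header("Cookie"):
        problems.append("Cookie header present; SMSESSION is not required here")
    params = parse_qs((req.data or b"").decode("ascii"), keep_blank_values=True)
    for name in REQUIRED:
        if not params.get(name, [""])[0]:
            problems.append("missing parameter: " + name)
    if params.get("grant_type", ["authorization_code"])[0] != "authorization_code":
        problems.append("grant_type must be authorization_code")
    sent_uri = params.get("redirect_uri", [registered_redirect_uri])[0]
    if sent_uri and sent_uri != registered_redirect_uri:
        problems.append("redirect_uri differs from the one used at /authorization")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    uri = "https://example.com/protected/redirect"
    req = build_token_request("https://idp.example.com/token",
                              "CONSTRUCTED-CODE", uri, "demo-client", "demo-secret")
    print(req.data.decode("ascii"))
    print(preflight(req, uri) or "request looks well-formed")
```
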