We have recently configured the siteminder solution as OIDC authorization provider and configuring a client for Authorization code grant flow.
While making a request to /authorization end point , we are successfully able to obtain code on the configured redirect_uri (hitting a get request in browser and after successful user challenge/authentication)
After that , when we are requesting a POST on /token endpoint , it loads the login page configured for our authentication scheme.
Are we supposed to add SMSESSION cookie to the POST request?
Are any other cookies required in this request?
Do you have any sample request response formats for this use case?
Release : 12.8
Component : SiteMinder
In the POST request SMSESSION cookie is nor required. But you need to provide authorization code in the request. Without it such error is returned:
"error_description": "Specify authorization_code as grant_type."
POST request should have the following headers:
POST data, something like this:
NDBiM2MwOGEtNDkIUNBJxNy00YjZmLThlNj MtMmFiNjViNjU5MDY4LVRXTE5vTwfw241 Q2lyOFRmR2wwcFhHaHAwR0Rqaz0%3D