An HTTP GET request is made to https://<AG Server>.example.com/affwebservices/CASSO/oidc/sample_client/revoke
The response is:
{"error": "invalid_request","error_description":"GET request is not allowed."}
Broadcom Access Gateway 12.8 ANY
The OIDC standard stipulates:
https://datatracker.ietf.org/doc/html/rfc7009
"The client requests the revocation of a particular token by making an
HTTP POST request to the token revocation endpoint URL. This URL
MUST conform to the rules given in [RFC6749], Section 3.1. Clients
MUST verify that the URL is an HTTPS URL."
Using POST to pass the input parameter to the revocation endpoint is more secure: the token travels in the request body rather than in the URL.
Broadcom SiteMinder and many other vendors only support HTTP POST to the revocation endpoint URL.
SiteMinder documentation has examples for this.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/use-siteminder-as-openid-connect-provider/authentication-using-authorization-code-flow.html#concept.dita_00b756e30ce1599f89d9e9fb3e45f0491a4234e4_RevocationTokenEndpoint
The solution is to ask the application owner to send an HTTP POST request to the revocation endpoint URL instead of a GET.
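The following is an added example, not code from Broadcom or the SiteMinder documentation, showing how a client can build the revocation call as a POST with the token in a form-encoded body and handle the JSON error shown above. The host name, token and client credentials are constructed placeholders, and HTTP Basic client authentication is an assumption; use whatever authentication method the client is configured for.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def build_revocation_request(endpoint, token, client_id, client_secret,
                             token_type_hint=None):
    """Build an RFC 7009 revocation request: HTTPS only, POST, token in the body."""
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("revocation endpoint must be an HTTPS URL (RFC 7009)")
    params = {"token": token}
    if token_type_hint:  # optional hint: "access_token" or "refresh_token"
        params["token_type_hint"] = token_type_hint
    body = urllib.parse.urlencode(params).encode("ascii")
    # Passing data= together with method="POST" keeps the token out of the URL.
    req = urllib.request.Request(endpoint, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    # Assumption: the client authenticates with HTTP Basic (RFC 6749, section 2.3.1).
    creds = "{}:{}".format(client_id, client_secret).encode("utf-8")
    req.add_header("Authorization", "Basic " + base64.b64encode(creds).decode("ascii"))
    return req


def revoke(req, opener=urllib.request.urlopen):
    """Send the request. Returns (True, None) on HTTP 200, else (False, error dict)."""
    try:
        with opener(req, timeout=10) as resp:
            return resp.status == 200, None
    except urllib.error.HTTPError as err:
        raw = err.read()
        try:
            return False, json.loads(raw)  # e.g. {"error": "invalid_request", ...}
        except ValueError:
            return False, {"error": "http_{}".format(err.code)}


if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent here, the request is only built.
    request = build_revocation_request(
        "https://ag.example.com/affwebservices/CASSO/oidc/sample_client/revoke",
        "constructed-token-123", "sample_client", "constructed-secret",
        token_type_hint="access_token")
    print(request.get_method(), request.full_url)
    print(request.data.decode("ascii"))
```

Passing `request` to `revoke()` sends it; the `opener` parameter exists so the call can be exercised against a stub without contacting the Access Gateway.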