OIDC userconsent not working after changing the FWS base from the default affwebservices in SPS

Article ID: 229479


Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

  • OIDC is set up with the SiteMinder Authorization provider;
  • User consent is enabled (by default);
  • For security reasons, the federation base has been changed from "affwebservices" to "fed" in the CA Access Gateway (SPS) server.conf as indicated below:

    <federation>
    enablefederationgateway="yes"
    fedrootcontext="fed"
    authurlcontext="siteminderagent/redirectjsp"
    allowlinking="no"
    protectedbackchannelservices="saml2artifactresolution,saml2certartifactresolution,saml2attributeservice,saml2certattributeservice,assertionretriever,certassertionretriever"
    </federation>

  • Everything works, except that the userconsent redirect is still generated to

    /affwebservices/CASSO/oidc/userconsent

    instead of

    /fed/CASSO/oidc/userconsent

    which results in the browser receiving the HTTP response:

    404 Error not found.

Resolution

Upgrade the CA Access Gateway (SPS) to at least version 12.8SP7 to obtain fix DE520066, which resolves the issue (1).
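To confirm the symptom before the upgrade and its absence afterwards, the following added check (not part of the original article or of the product) reads fedrootcontext from the <federation> block of server.conf and classifies redirect Location values captured from the browser or a proxy log. The function names, the host sps.example.com and the sample Location values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_ROOT = "affwebservices"  # default FWS base named in the article

# server.conf fragment as shown in the article, trimmed to the relevant keys
SERVER_CONF = '''
<federation>
enablefederationgateway="yes"
fedrootcontext="fed"
authurlcontext="siteminderagent/redirectjsp"
</federation>
'''

def fed_root_context(conf_text):
    """Return fedrootcontext from the <federation> block, or the default."""
    block = re.search(r"<federation>(.*?)</federation>", conf_text, re.S | re.I)
    if not block:
        return DEFAULT_ROOT
    for line in block.group(1).splitlines():
        m = re.match(r'fedrootcontext\s*=\s*"([^"]*)"', line.strip(), re.I)
        if m:
            return m.group(1).strip("/") or DEFAULT_ROOT
    return DEFAULT_ROOT

def check_redirect(location, root):
    """Classify a redirect Location against the configured federation root."""
    path = urlsplit(location).path
    first = path.lstrip("/").split("/", 1)[0]
    if first == root:
        return "ok"
    if first == DEFAULT_ROOT:
        return "stale-default"  # the symptom in this article: ends in a 404
    return "other"

if __name__ == "__main__":
    root = fed_root_context(SERVER_CONF)
    samples = [  # constructed Location header values
        "https://sps.example.com/affwebservices/CASSO/oidc/userconsent",
        "https://sps.example.com/fed/CASSO/oidc/userconsent",
    ]
    for loc in samples:
        print(check_redirect(loc, root), loc)
```

A "stale-default" result for the userconsent URL means the gateway is still generating the redirect with the default base rather than the configured one.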

Additional Information