search cancel

OIDC userconsent not working after changing the FWS base from the default affwebservices

book

Article ID: 229479

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

- OIDC setup with Siteminder Authorization provider    (12.8 SP5 for both AG and PS and any 12.8x )
- User consent in enabled (by Default) 

- For security Reason , client changed the federation base from "affwebservices"   to "fed" in their server.conf as indicated below 

 <federation>
  enablefederationgateway="yes"
  fedrootcontext="fed"
  authurlcontext="siteminderagent/redirectjsp"
  allowlinking="no"
  protectedbackchannelservices="saml2artifactresolution,saml2certartifactresolution,saml2attributeservice,saml2certattributeservice,assertionretriever,certassertionretriever"
 </federation>
 
 
- Everything is working except the userconsent redirect is being generated still to  -->    /affwebservices/CASSO/oidc/userconsent     instead of /fed/CASSO/oidc/userconsent   which is resulting with 404 Error not found 

Environment

Release : 12.8.0x

Component : SITEMINDER FEDERATION END POINT

Resolution

DEV Fix was provided within  DE520066  to remove the hardcoded URL for --> String USER_CONSENT_SERVICE_URL = "/affwebservices/CASSO/oidc/userconsent";


Please open a case with Siteminder support and provide the version you are on so we can provide you with a Fix