The customer has integrated a few applications using OIDC configuration and is trying to use the revocation endpoint URL.
However, the endpoint returns a 400 Bad Request error when /affwebservices/CASSO/oidc/client_name/revoke is accessed with a POST over TLSv1.2.
FWSTrace.log shows:
[01/06/2022][19:22:57][1152][4632][23c7093f-816d978f-07c7201a-f1bf1ec8-ee15ba56-1b2][OpenIDConnectServiceBase.java][sendJSONErrorResponse][ Sending error JSON message:
{"error":"invalid_request","error_description":"Client credentials are invalid."}
with error code:400]
Interestingly, comparing what the OIDC client app submits with the OIDC client configuration on the SiteMinder side shows that the client ID and secret match.
Release : 12.8
Component : SITEMINDER SECURE PROXY SERVER
Misconfiguration in the OIDC client configuration on the SiteMinder side.
The OIDC client configuration defines an Authentication Type in the Admin UI.
Specifies the mechanism that must be used for authenticating the client.
Select Basic to send the client credentials in the authorization header.
Select POST to send the client credentials in POST body.
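
The two Authentication Type options above, as an added example that is not part of the original article or of SiteMinder: the Python below builds the revocation POST both ways and checks a captured request against the Authentication Type configured for the client. It assumes the RFC 6749 section 2.3.1 parameter names (client_id, client_secret) and the RFC 7009 token parameter; the host, credentials and token are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, quote_plus, parse_qs

# Constructed placeholder; only the path comes from the article.
REVOKE_URL = "https://sso.example.com/affwebservices/CASSO/oidc/client_name/revoke"

def build_revoke_request(client_id, client_secret, token, auth_type):
    """Return (headers, body) for a revocation POST using 'Basic' or 'POST' client auth."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {"token": token}
    if auth_type == "Basic":
        # RFC 6749 2.3.1: form-encode id and secret, join with ':', then base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif auth_type == "POST":
        # Credentials travel in the form body next to the token (assumed parameter names).
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    else:
        raise ValueError(f"unknown Authentication Type: {auth_type!r}")
    return headers, urlencode(params)

def detect_auth_type(headers, body):
    """List the places where a captured request carries client credentials."""
    found = []
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    if auth.lower().startswith("basic "):
        found.append("Basic")
    form = parse_qs(body)
    if "client_id" in form and "client_secret" in form:
        found.append("POST")
    return found

def check_against_config(headers, body, configured):
    """Compare a captured request with the Authentication Type set in the Admin UI."""
    found = detect_auth_type(headers, body)
    if found == [configured]:
        return "match"
    if not found:
        return "no client credentials in request"
    return f"mismatch: request uses {'+'.join(found)}, client is configured for {configured}"
```

A "mismatch" result means the client ID and secret can be correct and still be rejected, because they arrive in a place the configured Authentication Type does not read.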