OIDC Partnership and dynamic Redirect URI.

Article ID: 277037

Products

SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)

Issue/Introduction

When implementing an OIDC partnership with the Policy Server and CA Access Gateway (SPS) acting as the Authorization Provider:

How can a different target URL be set for the same client?

How can a single client be configured with a dynamic Redirect URI? The dynamic Redirect URI isn't predictable.

Environment

Version: 12.8.xx and 12.9 (Applicable to all the supported releases)
Component: SMFED (Federation OIDC)

Resolution

In the AdminUI, from the OIDC Client configuration page, it's possible to define a table of possible Redirect URIs for a specific client (1).

The OIDC client (requester) should provide an OIDC Redirect URI.

Note that using wildcards isn't possible at the moment, and the full URLs should be defined in the mapping.

When leaving the Redirect URIs parameter empty and saving the configuration, the AdminUI returns an error in the browser:

Error: Redirect URI should not be empty

When setting a Redirect URI with a wildcard in the Redirect URIs parameter such as:

https://*.example.com
https://?.example.com

clicking on the "Add" button, the AdminUI returns another error:

Invalid URI format

and the configuration cannot be saved.

To enhance this functionality to accept wildcards and such dynamic Redirect URIs, open an Enhancement Request (Idea) (2).
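The behaviour described above can be modeled as follows. This is an added example, not SiteMinder code: the function names, the sample URIs and the exact-string matching rule at request time are assumptions based on the note that full URLs must be defined.

```python
from urllib.parse import urlsplit


def validate_registration(uris):
    """Registration-time checks modeled on the AdminUI errors quoted above."""
    if not uris:
        raise ValueError("Redirect URI should not be empty")
    for uri in uris:
        parts = urlsplit(uri)
        # "https://?.example.com" parses with an empty host; "*" is caught explicitly.
        if not parts.scheme or not parts.hostname or "*" in uri:
            raise ValueError("Invalid URI format")
    return frozenset(uris)


def is_allowed(registered, requested):
    """Assumed matching rule: exact string equality against the table."""
    return requested in registered


def evaluate(registered, requests):
    """Return {requested_uri: allowed?} for a batch of authorization requests."""
    return {uri: is_allowed(registered, uri) for uri in requests}


# Constructed sample data (not taken from any real deployment).
REGISTERED = validate_registration([
    "https://app1.example.com/callback",
    "https://app2.example.com/callback",
])
REQUESTS = [
    "https://app1.example.com/callback",              # listed: accepted
    "https://app3.example.com/callback",              # unlisted host
    "https://app1.example.com/callback/",             # trailing slash differs
    "https://app1.example.com/callback?next=/home",   # extra query string
    "https://app1.example.com.other.test/callback",   # look-alike suffix
]

if __name__ == "__main__":
    for uri, ok in evaluate(REGISTERED, REQUESTS).items():
        print("ACCEPT" if ok else "REJECT", uri)
```

Under this model every distinct callback a client may send has to appear as its own row in the Redirect URIs table.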

Additional Information

  1. Redirect URIs
    OIDC Clients Dialog

  2. Creating an Idea/Enhancement Request for SiteMinder