OAuth Provider's well-known endpoint returns HTTP 500 error


Article ID: 280382


Products

CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

In SiteMinder 12.8 SP8, I configured the OAuth Provider following the documentation: Use SiteMinder as an OAuth Provider.

Accessing the well-known endpoint resulted in an HTTP 500 error.

My Provider Metadata Endpoint: 

https://<SPSServerName>.example.com:<Port#>/affwebservices/CASSO/OAuth2/<AuthorizationServeName>/.well-known/oauth-authorization-server

Environment

SiteMinder 12.8 SP08 (12.8.08)

Cause

Access Gateway log:

... [CSmHttpPlugin.cpp:859][ERROR][sm-HTTPAgent-00100] URL contains invalid characters. Exiting with HTTP 500 server error '00-0002'.
... [CSmResourceManager.cpp:151][WARNING][sm-AgentFramework-00480] HLA: Missing resource data.

The trace log:

... [CSmHttpPlugin::ValidUrlString][URL contains BadUrlChars: '/affwebservices/CASSO/OAuth2/<AuthorizationServeName>/.well-known/oauth-authorization-server'.]

In this case, BadUrlChars was set by default as follows:

//,./,/.,/*,*.,~,\,%00-%1f,%7f

The '/.' character sequence in this list matches the '/.well-known' segment of the endpoint path, so the agent blocked the request.

Resolution

Remove the '/.' pattern in the BadUrlChars parameter of the Agent Configuration Object.

Example of updating BadUrlChars (default value of SPSDefaultSettings):

  • Current: //,./,/.,/*,*.,~,\,%00-%1f,%7f
  • New: //,./,/*,*.,~,\,%00-%1f,%7f
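To check what the change admits before applying it, the following added example (not Broadcom code, and not the agent's implementation) models BadUrlChars as a comma-separated list of literal sequences and %xx-%yy hex ranges matched against the part of the URL before '?'. That matching model, the function names, the sample paths and the "authz1" server name are assumptions made for illustration.

```python
import re

# Values copied from the article's "Current" and "New" settings.
CURRENT = r"//,./,/.,/*,*.,~,\,%00-%1f,%7f"
NEW = r"//,./,/*,*.,~,\,%00-%1f,%7f"

_RANGE = re.compile(r"^%([0-9a-f]{2})-%([0-9a-f]{2})$", re.I)
_ESCAPE = re.compile(r"%([0-9a-f]{2})", re.I)


def matched_entries(bad_url_chars, url):
    """Return the BadUrlChars entries that occur in url (simplified model)."""
    path = url.split("?", 1)[0].lower()  # assumption: query string is not checked
    escapes = [int(h, 16) for h in _ESCAPE.findall(path)]
    hits = []
    for entry in filter(None, bad_url_chars.split(",")):
        rng = _RANGE.match(entry)
        if rng:  # hex range such as %00-%1f
            lo, hi = (int(g, 16) for g in rng.groups())
            if any(lo <= e <= hi for e in escapes):
                hits.append(entry)
        elif entry.lower() in path:  # literal sequence such as '/.'
            hits.append(entry)
    return hits


def newly_allowed(urls):
    """URLs rejected under CURRENT that pass under NEW."""
    return [u for u in urls
            if matched_entries(CURRENT, u) and not matched_entries(NEW, u)]


# Constructed sample paths; "authz1" is a placeholder authorization server name.
SAMPLES = [
    "/affwebservices/CASSO/OAuth2/authz1/.well-known/oauth-authorization-server",
    "/app/../protected/index.html",
    "/app/.settings/file",
    "/app/page%0a.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, matched_entries(CURRENT, url), matched_entries(NEW, url))
    print("newly allowed:", newly_allowed(SAMPLES))
```

In this model the '/..' sample is still rejected through the './' entry, while any path with a dot-prefixed segment, not only '/.well-known', stops being rejected by BadUrlChars. Review whether such paths exist behind the agent before changing a shared Agent Configuration Object.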

Additional Information

This is noted under Prerequisites in the documentation topic "Discovery Profile of Provider Metadata".