The OIDC Authorization Code Flow returns error 400 Bad Request because the "redirect_uri" parameter is replaced with "prompt".
GET https://gateway.example.com/affwebservices/CASSO/oidc/exampleclient/authorize?client_id=000xxxxxxxxxxxxxxxx00&redirect_uri=https%3A%2F%2Fdev.example.com%2Fpromptstore%2Fauth%2Fcallback&response_type=code&scope=openid%20groups%20profile&state=a5c..............f6&code_challenge=Yph............8qnc&code_challenge_method=S256&response_mode=query HTTP/1.1
GET https://gateway.example.com/affwebservices/secure/secureredirect?appname=exampleApp&client_id=000xxxxxxxxxxxxxxxxxxxxxx000&prompt=https://dev.example.com/promptstore/auth/callback&response_type=code&scope=openid%20groups%20profile&state=a5c..............f6&code_challenge=Yph............8qnc&code_challenge_method=S256&response_mode=query&SMPORTALURL=JjhvLcR..................7vs5DlDdKDuil2QX HTTP/1.1
SiteMinder: all versions prior to 12.8sp8
The OIDC keyword "prompt" is detected in the request URL itself, e.g. in "promptstore".
Affwebservice scans the URL for keywords and, on encountering such a keyword, replaces it.
However, "prompt=login" itself was not present in the original OIDC request.
FWSTrace.log
[mm//dd/yyyy][hh:mm:ss][19755][140121988085504][3e8dxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-9][AuthorizationService.java][processRequest][prompt=login. Hence will reauthenticate the user.]
[mm//dd/yyyy][hh:mm:ss][19755][140121988085504][3e8dxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx-9][AuthorizationService.java][processRequest][Query string after removing login value from prompt query parameter=client_id=00..
This is a defect and will be fixed in future releases.
A simple workaround for this problem is to change "promptstore" to something that does not contain the keyword "prompt".
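To find client configurations exposed to this defect and to confirm the symptom in a captured request pair, the following check can be used. It is an added example, not part of the original article or of SiteMinder. It assumes that any case-insensitive occurrence of "prompt" inside a query parameter value is a collision, since the article does not state the exact matching rule. The function names and sample values are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

KEYWORD = "prompt"  # OIDC keyword the page says is matched inside the URL


def params(url):
    """Decoded query parameters of url as a dict."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def keyword_collisions(authorize_url):
    """Parameters other than "prompt" whose decoded value contains the keyword."""
    return sorted(name for name, value in params(authorize_url).items()
                  if name != KEYWORD and KEYWORD in value.lower())


def redirect_uri_rewritten(authorize_url, redirected_url):
    """True when redirect_uri is gone and its value reappears under "prompt"."""
    before, after = params(authorize_url), params(redirected_url)
    original = before.get("redirect_uri")
    return (original is not None and "redirect_uri" not in after
            and after.get(KEYWORD) == original)


# Constructed sample requests modelled on the two GET lines above
# (client_id and state are placeholders, not real values).
AUTHORIZE = (
    "https://gateway.example.com/affwebservices/CASSO/oidc/exampleclient/authorize"
    "?client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=https%3A%2F%2Fdev.example.com%2Fpromptstore%2Fauth%2Fcallback"
    "&response_type=code&scope=openid%20groups%20profile&state=STATE_PLACEHOLDER"
)
REDIRECTED = (
    "https://gateway.example.com/affwebservices/secure/secureredirect"
    "?appname=exampleApp&client_id=CLIENT_ID_PLACEHOLDER"
    "&prompt=https://dev.example.com/promptstore/auth/callback"
    "&response_type=code&scope=openid%20groups%20profile&state=STATE_PLACEHOLDER"
)
# The workaround: a callback path without the keyword (new path is hypothetical).
WORKAROUND = AUTHORIZE.replace("promptstore", "store")

if __name__ == "__main__":
    print("colliding parameters:", keyword_collisions(AUTHORIZE))
    print("redirect_uri rewritten:", redirect_uri_rewritten(AUTHORIZE, REDIRECTED))
    print("after workaround:", keyword_collisions(WORKAROUND))
```

Running keyword_collisions over every registered redirect URI before go-live shows which clients need the rename described in the workaround.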