SiteMinder OIDC claims for "True", "False", or "Null" are incorrectly passed as Booleans


Article ID: 441063


Updated On:

Products

SITEMINDER

Issue/Introduction

During the OpenID Connect (OIDC) authentication process in Symantec SiteMinder, if a user's attribute (such as last name) is set to "True", "False", or "Null", the Policy Server passes the claim without double quotes (" "). This causes the value to be processed as a Boolean or null literal instead of a string, leading to failures.

Environment

  • Product: Symantec SiteMinder Policy Server
  • Version: 12.80.801.3003
  • Access Gateway: 12.80.0801.3003

Cause

SiteMinder fails to wrap specific reserved words (True, False, Null) in double quotes within the OIDC claims. While standard names like "Joe" are correctly passed as "Joe", these specific values are sent as literals, causing type-mismatch errors in the application ("Name passed to OIDC in boolean").

Resolution

A code fix has been developed for Policy Server version 12.80.801.3003 to ensure these claims are passed as strings ("Name passed to OIDC in boolean").

The new jar generated for 12.8 SP8 CR01 is attached.

Deployment Instructions:

  1. Stop the Policy Server.
  2. Navigate to the following directory in your installation: .../siteminder/bin/jars
  3. Back up the existing openidconnectserver.jar file to a secure location.
  4. Replace it with the updated openidconnectserver.jar provided in the fix.
  5. Restart the Policy Server.
  6. Verify the authentication flow in the fwstrace.log by extracting the ID token containing the claims.
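
For step 6, the following added example (not Broadcom's code and not part of the fix) decodes an ID token that has already been copied out of fwstrace.log and reports any claim whose JSON type is boolean or null rather than string. The sample tokens are constructed, the lowercase `true` in the unfixed payload is an assumption about how the literal is emitted, and the token signature is not verified here.

```python
import base64
import json

# Standard OIDC claims that are legitimately JSON booleans (OIDC Core, section 5.1).
BOOLEAN_BY_SPEC = {"email_verified", "phone_number_verified"}


def decode_payload(id_token: str) -> dict:
    """Decode the payload of a compact JWT for inspection. The signature is NOT verified."""
    parts = id_token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part compact JWS (header.payload.signature)")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # bad base64, bad UTF-8, or an unquoted word such as True
        raise ValueError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def literal_claims(id_token: str, allowed=BOOLEAN_BY_SPEC) -> dict:
    """Return {claim: value} for claims sent as true/false/null instead of strings."""
    payload = decode_payload(id_token)
    return {name: value for name, value in payload.items()
            if (isinstance(value, bool) or value is None) and name not in allowed}


def make_sample_token(payload_json: str) -> str:
    """Build an unsigned, constructed sample token from a raw JSON payload string."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"none"}'), enc(payload_json.encode()), "sig"])


# Constructed samples: the same user (last name "True") before and after the fix.
BEFORE = make_sample_token('{"sub":"user1","family_name":true,"email_verified":true}')
AFTER = make_sample_token('{"sub":"user1","family_name":"True","email_verified":true}')

if __name__ == "__main__":
    for label, token in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label, "->", literal_claims(token) or "all checked claims are strings")
```

A `ValueError` from `decode_payload` on a real token is itself a finding: it means the payload is not parseable JSON, which is what an unquoted `True` would produce.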

Attachments

openidconnectserver.zip