We are using the latest version of SiteMinder 12.8 with the new implicit OAuth2 flow. <br><br>It seems SiteMinder does not correctly implement the Implicit flow. As you may see, response_type=token generates an error: <br><br>"response type is missing or invalid". <br><br>Trying with other codes, the results are: <br>response_type=code --> OK <br>response_type=token --> ERROR <br>response_type=id_token --> OK <br>response_type=id_token%20token --> OK <br><br>So we are guessing that the OpenID Connect Implicit works well, but the Standard OAuth2 implicit does not work. <br><br>Can you help us?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP<br> Component: <br>
At first glance, it looks like the Implicit Grant Flow is implemented only in the OpenID Connect Provider, which is a new feature in 12.8.<br><br>OIDC Implicit Flow<br><br>Besides Authorization Code Flow, CA Single Sign-On can now authenticate users using OIDC Implicit Flow for supporting clients that are browser-based, use a scripting language, and are Single-Page Applications (SPA). Authorization Endpoint issues Access Token and ID Token to a Client directly. CA Single Sign-On Implicit Flow is certified with OpenID Conformance Implicit Profile.<br><br>New Features<br>https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/new-features<br><br>For more information, see Authentication Using Implicit Flow<br><br> Authentication Using Implicit Flow<br> https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/use-ca-single-sign-on-as-openid-connect-provider/authentication-using-implicit-flow<br><br> CA Single Sign-On as OpenID Connect Provider<br> https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/new-features<br><br>You'll notice as well that the Implicit Grant Flow isn't recommended for use.<br><br> OAuth 2.0 Implicit Grant<br> https://oauth.net/2/grant-types/implicit/<br><br> What is the OAuth 2.0 Implicit Grant Type?<br> https://developer.okta.com/blog/2018/05/24/what-is-the-oauth2-implicit-grant-type<br><br>You should note also that CA API Gateway has this feature implemented for OAuth 2.0:<br><br> OAuth 2.0 Tutorial 3: The Implicit Grant Type<br> https://communities.ca.com/videos/1363<br><br>To get this flow type implemented outside OIDC (OpenID Connect), we invite you to open an Idea on the Security page:<br><br> 1. Go to the CA Security Overview Page:<br> https://communities.ca.com/community/ca-security/ca-single-sign-on<br> 2. Click on the "Actions" drop-down menu and select "Create an idea."<br> 3. Give your idea a title and detailed description to encourage voting.<br> 4. Publish and vote on your idea!
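
The split seen in this thread between plain OAuth 2.0 `response_type=token` and the OIDC response types can be checked on the client side before a request is sent. The following is an added example, not CA Single Sign-On code: it classifies a request by the response types defined in OpenID Connect Core 1.0 and RFC 6749, and the function name, host, client_id and redirect_uri are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# response_type sets defined by OpenID Connect Core 1.0, section 3.
OIDC_FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}

def check_authorization_request(url):
    """Return (flow, problems) for an authorization request URL.

    flow is the OIDC flow name, "oauth2_implicit" for plain RFC 6749
    response_type=token, or None when the value is missing or unknown.
    """
    params = parse_qs(urlsplit(url).query)
    # response_type is a space-delimited, order-insensitive set of values.
    requested = frozenset(params.get("response_type", [""])[0].split())
    scopes = params.get("scope", [""])[0].split()
    problems = []

    if requested == frozenset({"token"}):
        # Defined by RFC 6749 only: no ID Token is returned, so an
        # OIDC-only authorization endpoint has nothing to map it to.
        return "oauth2_implicit", ["response_type=token is not an OIDC response type"]
    flow = OIDC_FLOWS.get(requested)
    if flow is None:
        return None, ["response type is missing or invalid"]
    if "openid" not in scopes:
        problems.append("scope must contain 'openid' for an OIDC request")
    if flow == "implicit" and "nonce" not in params:
        problems.append("nonce is required in the OIDC implicit flow")
    return flow, problems

if __name__ == "__main__":
    # Constructed sample requests; host, client_id and redirect_uri are placeholders.
    base = ("https://sso.example.com/authorize?client_id=demo"
            "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb&scope=openid&nonce=n1")
    for rt in ("code", "token", "id_token", "id_token%20token"):
        print(rt, check_authorization_request(f"{base}&response_type={rt}"))
```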