OIDC Partnership and dynamic Redirect URI.

Article ID: 277037

Updated On: 01-23-2025

Products

SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)

Issue/Introduction

Implementing OIDC partnership with Policy Server and CA Access Gateway (SPS) acting as Authorization Provider:

  • How to set different target URLs for the same client?

  • How to configure the client to have a dynamic Redirect URI for the same client? The dynamic Redirect URI isn't predictable.

 

Environment

Version: 12.8.xx (Applicable to all the supported releases)
Component: SMFED (Federation OIDC)

Resolution


In the AdminUI, on the OIDC Client configuration page, you can build a table of possible Redirect URIs for a specific client (1).

The OIDC client (requester) should provide an OIDC Redirect URI.

Note that wildcards are not supported at the moment; the full URLs must be defined in the mapping.

  • When leaving the Redirect URIs parameter empty and saving the configuration, the AdminUI returns an error in the browser:

    Error: Redirect URI should not be empty

  • When setting a Redirect URI with a wildcard in the Redirect URIs parameter such as:

    https://*.example.com
    https://?.example.com

    clicking on the "Add" button, the AdminUI returns another error:

    Invalid URI format

    and the configuration cannot be saved.

To have this functionality enhanced to accept wildcards and such dynamic Redirect URIs, open an Enhancement Request (Idea) (2).
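The behaviour described above can be modelled as a registration-time check plus an exact-match lookup at request time. This is an added example, not SiteMinder or AdminUI code: the function and class names are hypothetical, the URIs are constructed sample values, and only the two error strings are taken from this article.

```python
from urllib.parse import urlsplit


class RedirectUriError(ValueError):
    """A redirect URI was rejected at registration time."""


def check_registrable(uri: str) -> str:
    """Return the URI if it can be stored as an exact-match entry, else raise."""
    uri = (uri or "").strip()
    if not uri:
        raise RedirectUriError("Redirect URI should not be empty")
    parts = urlsplit(uri)
    # "https://?.example.com" parses with an empty host: "?" starts the query.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise RedirectUriError("Invalid URI format")
    # No wildcard anywhere, and no fragment (RFC 6749 section 3.1.2).
    if "*" in uri or parts.fragment:
        raise RedirectUriError("Invalid URI format")
    return uri


class ClientRedirectTable:
    """Hypothetical per-client table of full redirect URIs."""

    def __init__(self, uris):
        self._uris = {check_registrable(u) for u in uris}

    def is_allowed(self, requested: str) -> bool:
        # Exact string comparison: no prefix, suffix or pattern matching.
        return requested in self._uris


def try_register(uri: str) -> str:
    """Return 'ok' or the error text, for easy inspection."""
    try:
        check_registrable(uri)
        return "ok"
    except RedirectUriError as exc:
        return str(exc)


# Constructed sample values: one client, two fully specified target URLs.
TABLE = ClientRedirectTable([
    "https://app1.example.com/callback",
    "https://app2.example.com/callback",
])
```

With one full entry per target, the same client can reach several target URLs, while any redirect URI that is not listed character for character is refused.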

 

Additional Information