We are using the latest version of SiteMinder 12.8 with the new implicit OAuth2 flow. It seems SiteMinder does not correctly implement the Implicit flow. As you may see, response_type=token generates an error: "response type is missing or invalid". Trying with other codes, the results are:

response_type=code --> OK
response_type=token --> ERROR
response_type=id_token --> OK
response_type=id_token%20token --> OK

So we are guessing that the OpenID Connect Implicit flow works well, but the standard OAuth2 implicit flow does not work. Can you help us?
At first glance, it looks like the Implicit Grant Flow is implemented only in the OpenID Connect Provider, which is a new feature from 12.8.

OIDC Implicit Flow

Besides Authorization Code Flow, CA Single Sign-On can now authenticate users using OIDC Implicit Flow for supporting clients that are browser-based, use a scripting language, and are Single-Page Applications (SPA). Authorization Endpoint issues Access Token and ID Token to a Client directly. CA Single Sign-On Implicit Flow is certified with OpenID Conformance Implicit Profile. For more information, see Authentication Using Implicit Flow.

New Features
https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/new-features

Authentication Using Implicit Flow
https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/use-ca-single-sign-on-as-openid-connect-provider/authentication-using-implicit-flow

CA Single Sign-On as OpenID Connect Provider
https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/new-features

You'll notice as well that the Implicit Grant Flow isn't recommended for use.

OAuth 2.0 Implicit Grant
https://oauth.net/2/grant-types/implicit/

What is the OAuth 2.0 Implicit Grant Type?
https://developer.okta.com/blog/2018/05/24/what-is-the-oauth2-implicit-grant-type

You should also note that CA API Gateway has this feature implemented for OAuth 2.0:

OAuth 2.0 Tutorial 3: The Implicit Grant Type
https://communities.ca.com/videos/1363

In order to get this flow type implemented outside OIDC (OpenID Connect), we invite you to open an Idea on the Security page:

1. Go to the CA Security Overview Page: https://communities.ca.com/community/ca-security/ca-single-sign-on
2. Click on the "Actions" drop-down menu and select "Create an idea."
3. Give your idea a title and detailed description to encourage voting.
4. Publish and vote on your idea!
KB : KB000100776
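
The four response_type values tested in the question are defined by two different specifications, which is why a provider can accept three of them and still reject `token`. As an added example (not part of the original thread and not CA code), this Python example classifies an authorization request by response_type and checks the OIDC request requirements; the endpoint, client_id, redirect_uri and nonce values are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# response_type combinations discussed in the thread, mapped to the
# specification that defines them (RFC 6749 / OpenID Connect Core 1.0).
FLOWS = {
    frozenset({"code"}): "OAuth 2.0 authorization code (RFC 6749)",
    frozenset({"token"}): "OAuth 2.0 implicit (RFC 6749)",
    frozenset({"id_token"}): "OIDC implicit (OpenID Connect Core)",
    frozenset({"id_token", "token"}): "OIDC implicit (OpenID Connect Core)",
}

def build(response_type, **extra):
    """Build a constructed authorization request URL (placeholder values)."""
    params = {"response_type": response_type, "client_id": "example-client",
              "redirect_uri": "https://app.example.com/cb", **extra}
    return "https://sso.example.com/authorize?" + urlencode(params)

def classify(url):
    """Name the flow a request selects and list spec-level problems."""
    q = parse_qs(urlsplit(url).query)
    # response_type is a space-delimited set; the order of values is irrelevant.
    types = frozenset(q.get("response_type", [""])[0].split())
    scopes = set(q.get("scope", [""])[0].split())
    issues = []
    if types not in FLOWS:
        issues.append("response_type missing or not covered here")
    if "id_token" in types:
        # OIDC requests need the openid scope; implicit flow also needs a nonce.
        if "openid" not in scopes:
            issues.append("scope must contain 'openid'")
        if "nonce" not in q:
            issues.append("nonce is required in the OIDC implicit flow")
    return {"flow": FLOWS.get(types),
            # An access token issued by the authorization endpoint travels
            # in the redirect URI fragment, i.e. through the browser.
            "access_token_in_fragment": "token" in types,
            "issues": issues}

if __name__ == "__main__":
    for rt in ("code", "token", "id_token", "id_token token"):
        oidc = {"scope": "openid", "nonce": "n-constructed"} if "id_token" in rt else {}
        print(rt, "->", classify(build(rt, **oidc)))
```
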