Shared secret lost


Article ID: 132091


Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

When Identity Manager starts, errors are produced reporting mismatched secret passwords (see below):

There was an error in Decrypting the inbound payload from the provisioning server. This could be due to mismatched shared secrets. 

etatrans: 

20190227:103728:TID=650b70:EtaServer :----:----:I: Retrieving common BLS Connectivity Configuration 

etanotify: 

20190227:103728:TID=650b70:I: ================================================= 
20190227:103728:TID=650b70:I: START: Notify Batch Processing 
20190227:103728:TID=650b70:I: Sending Notification: eTNotifyOpID=ef0eb168-ceef-1038-9e21-cd2297e3498e 
20190227:103728:TID=650b70:I: Event: Resume_Account (eTDYNAccountName=98773208) 
20190227:103728:TID=650b70:I: SeqNo: 0000000004 
20190227:103728:TID=650b70:I: Try sending payload to http://10.17.1.13:8080/iam/im/ETACALLBACK/?env=identityEnv 
20190227:103728:TID=650b70:E: ERROR: There was an error in Decrypting the inbound payload from the provisioning server. This could b 
20190227:103728:TID=650b70:E:+e due to mismatched shared secrets. 
20190227:103728:TID=650b70:E: Error in notification processing: Reason: Operation failed. ERROR: IMS was not able to consume the not 
20190227:103728:TID=650b70:E:+ification successfully. 
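
The etanotify excerpt above wraps long messages onto `+` continuation lines, so a search for the full error sentence does not match. The following Python is an added example, not CA code: it rejoins wrapped lines per TID and reports each notification that failed decryption, with its eTNotifyOpID and callback URL. The function names and parsing rules are assumptions inferred from the excerpt; the sample lines are copied from it.

```python
import re

# etanotify line prefix as seen in the excerpt: date:time:TID=<id>:<level>:
LINE = re.compile(r"^(\d{8}):(\d{6}):TID=([0-9a-f]+):([A-Z]):(.*)$")
MISMATCH = "This could be due to mismatched shared secrets"

# Lines copied from the etanotify excerpt in this article.
SAMPLE = """\
20190227:103728:TID=650b70:I: START: Notify Batch Processing
20190227:103728:TID=650b70:I: Sending Notification: eTNotifyOpID=ef0eb168-ceef-1038-9e21-cd2297e3498e
20190227:103728:TID=650b70:I: Event: Resume_Account (eTDYNAccountName=98773208)
20190227:103728:TID=650b70:I: SeqNo: 0000000004
20190227:103728:TID=650b70:I: Try sending payload to http://10.17.1.13:8080/iam/im/ETACALLBACK/?env=identityEnv
20190227:103728:TID=650b70:E: ERROR: There was an error in Decrypting the inbound payload from the provisioning server. This could b
20190227:103728:TID=650b70:E:+e due to mismatched shared secrets.
20190227:103728:TID=650b70:E: Error in notification processing: Reason: Operation failed. ERROR: IMS was not able to consume the not
20190227:103728:TID=650b70:E:+ification successfully.
""".splitlines()

def join_wrapped(lines):
    """Rejoin messages wrapped onto '+' continuation lines, tracked per TID."""
    records, last = [], {}
    for raw in lines:
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # e.g. etatrans lines, which use a different prefix
        date, time, tid, level, text = m.groups()
        if text.startswith("+") and tid in last:
            last[tid]["msg"] += text[1:]  # assumption: '+' marks a wrapped line
        else:
            last[tid] = {"ts": f"{date}:{time}", "tid": tid,
                         "level": level, "msg": text.lstrip()}
            records.append(last[tid])
    return records

def decryption_failures(lines):
    """One dict per notification whose payload IM failed to decrypt."""
    failures, ctx = [], {}
    for rec in join_wrapped(lines):
        msg, cur = rec["msg"], ctx.setdefault(rec["tid"], {})
        if m := re.search(r"eTNotifyOpID=([0-9a-f-]+)", msg):
            cur.clear()  # new notification: drop the previous one's fields
            cur["op_id"] = m.group(1)
        elif msg.startswith("Event:"):
            cur["event"] = msg[len("Event:"):].strip()
        elif msg.startswith("Try sending payload to "):
            cur["callback"] = msg.split(" to ", 1)[1]
        elif rec["level"] == "E" and MISMATCH in msg:
            failures.append({"ts": rec["ts"], "tid": rec["tid"], **cur})
    return failures
```
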

Cause

It is possible for the passwords to fall out of sync.

Environment

CA Identity Manager 14.x

Resolution

The password that the Provisioning Server uses to encrypt the notification it sends to Identity Manager is part of the BLS Connectivity Configuration (eTConfigPayload attribute). It can be updated from either Provisioning Manager or Identity Manager:

Via the Identity Manager (IM) user console "System -> Secret Keys" screen

or

Via the Provisioning Server "System -> Identity Manager Setup -> Shared Secret" screen

Try changing the password on the provisioning server and wait for it to be read by IM.