CA Identity Manager, CA Identity Governance, CA Identity Portal
Issue/Introduction
When Identity Manager starts, errors are produced that report mismatched secret passwords (see below):
There was an error in Decrypting the inbound payload from the provisioning server. This could be due to mismatched shared secrets.
etatrans:
20190227:103728:TID=650b70:EtaServer :----:----:I: Retrieving common BLS Connectivity Configuration
etanotify:
20190227:103728:TID=650b70:I: =================================================
20190227:103728:TID=650b70:I: START: Notify Batch Processing
20190227:103728:TID=650b70:I: Sending Notification: eTNotifyOpID=ef0eb168-ceef-1038-9e21-cd2297e3498e
20190227:103728:TID=650b70:I: Event: Resume_Account (eTDYNAccountName=98773208)
20190227:103728:TID=650b70:I: SeqNo: 0000000004
20190227:103728:TID=650b70:I: Try sending payload to http://10.17.1.13:8080/iam/im/ETACALLBACK/?env=identityEnv
20190227:103728:TID=650b70:E: ERROR: There was an error in Decrypting the inbound payload from the provisioning server. This could b
20190227:103728:TID=650b70:E:+e due to mismatched shared secrets.
20190227:103728:TID=650b70:E: Error in notification processing: Reason: Operation failed. ERROR: IMS was not able to consume the not
20190227:103728:TID=650b70:E:+ification successfully.
Cause
It is possible for the passwords to fall out of sync.
Environment
CA Identity Manager 14.x
Resolution
The password that the Provisioning Server uses to encrypt the notification it sends to Identity Manager is part of the BLS Connectivity Configuration (eTConfigPayload attribute). It can be updated from either Provisioning Manager or Identity Manager:
Via the Identity Manager (IM) user console "System -> Secret Keys" screen
or
Via the Provisioning Server "System -> Identity Manager Setup -> Shared Secret" screen
Try changing the password on the provisioning server and wait for it to be read by IM.
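To check an etanotify log for this failure before and after the password change, the following added example (not CA/Broadcom code) rejoins the wrapped log lines and reports each notification that failed to decrypt. The line layout and the meaning of the "+" continuation marker are assumptions inferred from the log excerpt above; the function names are hypothetical.

```python
import re

# Constructed sample: the etanotify lines from this page, one record per line.
SAMPLE = """\
20190227:103728:TID=650b70:I: START: Notify Batch Processing
20190227:103728:TID=650b70:I: Sending Notification: eTNotifyOpID=ef0eb168-ceef-1038-9e21-cd2297e3498e
20190227:103728:TID=650b70:I: Event: Resume_Account (eTDYNAccountName=98773208)
20190227:103728:TID=650b70:I: Try sending payload to http://10.17.1.13:8080/iam/im/ETACALLBACK/?env=identityEnv
20190227:103728:TID=650b70:E: ERROR: There was an error in Decrypting the inbound payload from the provisioning server. This could b
20190227:103728:TID=650b70:E:+e due to mismatched shared secrets.
20190227:103728:TID=650b70:E: Error in notification processing: Reason: Operation failed. ERROR: IMS was not able to consume the not
20190227:103728:TID=650b70:E:+ification successfully.
"""

# Assumed layout: date:time:TID=<id>:<level>:<text>; a text that starts
# with "+" is the wrapped tail of the previous line from the same thread.
LINE = re.compile(r"^(\d{8}:\d{6}):TID=(\w+):([A-Z]):(.*)$")
MARKER = "mismatched shared secrets"

def join_records(log_text):
    """Return [stamp, tid, level, message] records with wrapped lines rejoined."""
    records = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, tid, level, rest = m.groups()
        if rest.startswith("+") and records and records[-1][1] == tid:
            records[-1][3] += rest[1:]  # glue the wrapped tail back on
        else:
            records.append([stamp, tid, level, rest.lstrip()])
    return records

def find_secret_mismatches(log_text):
    """Report each notification whose payload IM could not decrypt."""
    findings, current = [], {}
    for stamp, tid, level, msg in join_records(log_text):
        if "eTNotifyOpID=" in msg:
            current[tid] = {}  # a new notification starts: drop stale context
        ctx = current.setdefault(tid, {})
        for key, pattern in (("op_id", r"eTNotifyOpID=(\S+)"),
                             ("event", r"^Event: (\S+)"),
                             ("callback", r"^Try sending payload to (\S+)")):
            hit = re.search(pattern, msg)
            if hit:
                ctx[key] = hit.group(1)
        if level == "E" and MARKER in msg:
            findings.append({"time": stamp, "tid": tid, **ctx})
    return findings
```

Because the log wraps long messages mid-word, a search for the full error sentence on raw lines misses it; matching on the rejoined records avoids that.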