When a user enters credentials for the OpenID Authentication Scheme on a CA Access Gateway (SPS), the request fails at the Policy Server level, and CA Access Gateway (SPS) reports the error:
[08/29/2019][12:51:29][19184][15608][][AuthenticateUser][User 'unknown' is not authenticated by Policy Server.]
Policy Server 12.8
CA Access Gateway (SPS) 12.8
The traces show that the problem lies with the URL of the backend OpenID Connect (OIDC) Provider defined in the openid.fcc file, which is passed to the Policy Server:
sps-trace.log:
[09/12/2019][11:59:54][11876][18608][][AuthenticateUser][User 'unknown' is not authenticated by Policy Server.]
smtracedefault.log:
[09/12/2019][11:59:50.557][11:59:50][18484][2004][Sm_Auth_Message.cpp:780][CSm_Auth_Message::AuthenticateUser][][][/Openidtest/test.html][][][][][][][][][][][][][][][][][][Authenticating user.]
[...]
[09/12/2019][11:59:54.631][11:59:54][18484][2004][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][Discovery failed for the identifier https://mybackendserver.example.com/auth/realms/bpcode/protocol/openid-connect/auth?client_id=oidctest
[...]
][SMAuthOpenID:preAuthenticate: Discovery failed for the identifier https://mybackendserver.example.com/auth/realms/bpcode/protocol/openid-connect/auth?client_id=oidctest
When the backend Provider is an OpenID Connect (OIDC) Provider, the OpenID Authentication Scheme should not be used.
Configure SiteMinder as an OIDC Client and configure a Federation Journey with the JWT Authentication Scheme on the SiteMinder side (1)(2).
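A triage helper for the condition described above, as an added example that is not part of the original article or of any CA tooling: it scans smtracedefault.log text for "Discovery failed for the identifier" entries and flags identifiers that look like OIDC endpoints. The sample trace is constructed from the excerpts above, and the OIDC markers are a heuristic assumed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the trace excerpts in this article (fields shortened).
SAMPLE_TRACE = """\
[09/12/2019][11:59:50.557][11:59:50][18484][2004][Sm_Auth_Message.cpp:780][CSm_Auth_Message::AuthenticateUser][][][/Openidtest/test.html][][Authenticating user.]
[09/12/2019][11:59:54.631][11:59:54][18484][2004][SmAuthUser.cpp:775][ServerTrace][][][][Discovery failed for the identifier https://mybackendserver.example.com/auth/realms/bpcode/protocol/openid-connect/auth?client_id=oidctest
][SMAuthOpenID:preAuthenticate: Discovery failed for the identifier https://mybackendserver.example.com/auth/realms/bpcode/protocol/openid-connect/auth?client_id=oidctest
[09/12/2019][12:03:10.101][12:03:10][18484][2004][SmAuthUser.cpp:775][ServerTrace][][][][Discovery failed for the identifier https://openid.example.net/id/alice
"""

DISCOVERY_RE = re.compile(r"Discovery failed for the identifier\s+(\S+)")
TIMESTAMP_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2}(?:\.\d+)?)\]")

# Assumption: heuristic markers chosen for this example, not a product rule.
OIDC_PATH_MARKERS = ("/openid-connect/", "/.well-known/openid-configuration")
OIDC_QUERY_PARAMS = {"client_id", "response_type", "redirect_uri", "scope"}


def looks_like_oidc_endpoint(url):
    """True when the identifier resembles an OIDC endpoint URL."""
    parts = urlsplit(url)
    if any(marker in parts.path.lower() for marker in OIDC_PATH_MARKERS):
        return True
    return bool(OIDC_QUERY_PARAMS & set(parse_qs(parts.query)))


def find_discovery_failures(trace_text):
    """Map each failed identifier to its first timestamp, hit count and OIDC flag."""
    findings = {}
    last_ts = None
    for line in trace_text.splitlines():
        ts = TIMESTAMP_RE.match(line)
        if ts:  # continuation lines carry no timestamp; keep the previous one
            last_ts = f"{ts.group(1)} {ts.group(2)}"
        hit = DISCOVERY_RE.search(line)
        if not hit:
            continue
        url = hit.group(1).rstrip("]")
        entry = findings.setdefault(url, {"first_seen": last_ts, "count": 0,
                                          "oidc_like": looks_like_oidc_endpoint(url)})
        entry["count"] += 1
    return findings


if __name__ == "__main__":
    for url, info in find_discovery_failures(SAMPLE_TRACE).items():
        verdict = "OIDC endpoint under OpenID scheme" if info["oidc_like"] else "check separately"
        print(f"{info['first_seen']}  x{info['count']}  {verdict}: {url}")
```

An identifier flagged as OIDC-like corresponds to the case in this article, where the OpenID Authentication Scheme is pointed at an OIDC Provider.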