Multiple users are having issues with OIDC token generation. We are seeing the error below in our FWS (Federation Web Services) trace log (FWSTrace.log):
[12/14/2022][11:36:53][3140][10436][<Transaction ID>][TokenService.java][processRequest][ Calling OpenIDConnectTunnelClient for accessToken]
[12/14/2022][11:36:53][3140][10436][<Transaction ID>][OpenIDConnectTunnelClient.java][callOpenIDConnectAccessTokenRequest][Tunnel result code: 2.]
[12/14/2022][11:36:53][3140][10436][<Transaction ID>][OpenIDConnectTunnelClient.java][callOpenIDConnectAccessTokenRequest][Exception caught in class com.ca.federation.webservices.openidconnect.d, method callOpenIDConnectAccessTokenRequest: java.lang.IllegalArgumentException: "Cannot parse bytes to a Response"]
[12/14/2022][11:36:53][3140][10436][<Transaction ID>][TokenService.java][processRequest][ AccessTokenTunnel call failed ]
[12/14/2022][11:36:53][3140][10436][<Transaction ID>][OpenIDConnectServiceBase.java][sendJSONErrorResponse][ Sending error JSON message:
{"error":"invalid_request","error_description":"Internal Server Error."}
with error code:500]
With tracing enabled on the Policy Server (smtrace log), the following error appears:
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][OidcCommonUtil.java][encryptJWTToken][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][ Start encryption... ][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][CertUtil.java][getPublicKey][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Getting certificate for alias: <cert's alias>][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][CertUtil.java][getPublicKey][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Certificate for alias: <cert's alias> status = false][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][CertUtil.java][getPublicKey][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Cert with alias = <cert's alias> got expired][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][OidcCommonUtil.java][encryptJWTToken][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Cert with alias = <cert's alias> got expired][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][AccessTokenTunnelService.java][tunnel][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][ Exception caught: java.lang.Exception: Cert with alias = <cert's alias> got expired
at com.ca.federation.openidconnect.util.CertUtil.getPublicKey(Unknown Source)
at com.ca.federation.openidconnect.util.OidcCommonUtil.encryptJWTToken(Unknown Source)
at com.ca.federation.openidconnect.generator.IDTokenGenerator.signAndEncryptIDToken(Unknown Source)
at com.ca.federation.openidconnect.generator.IDTokenGenerator.generateIDToken(Unknown Source)
at com.ca.federation.openidconnect.generator.IDTokenGenerator.generateIDToken(Unknown Source)
at com.ca.federation.openidconnect.tunnel.AccessTokenTunnelService.processTokenGeneration(Unknown Source)
at com.ca.federation.openidconnect.tunnel.AccessTokenTunnelService.tunnel(Unknown Source)
at com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)
Release: 12.8.x
The OIDC signing certificate has expired, so the Policy Server cannot sign and encrypt the ID token and the FWS tunnel call fails with a 500.
Renew the signing certificate (the certificate alias is shown in the smtrace log) with a valid one.
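As an added example (not part of the original article or the product's own tooling), the following Python checker scans smtrace and FWSTrace text for the indicators shown above: it parses the bracket-delimited smtrace fields, pulls the certificate alias out of every "Cert with alias = ... got expired" message together with the Java class and method that logged it, and correlates that with the FWS-side symptom (tunnel result code 2 followed by an HTTP 500). The sample lines are constructed for this example and use the made-up alias "oidc-signing-cert" in place of the real alias.

```python
"""Detect the expired-signing-certificate condition from SiteMinder-style
trace output. Sample log lines below are CONSTRUCTED for this example; the
bracketed-field layout mirrors the smtrace / FWSTrace excerpts in the article."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed smtrace sample: the Policy Server writes one bracketed field per
# column, most of them empty, which is why the lines are full of "[]".
SMTRACE_SAMPLE = """\
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][OidcCommonUtil.java][encryptJWTToken][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][ Start encryption... ][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][CertUtil.java][getPublicKey][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Getting certificate for alias: oidc-signing-cert][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][CertUtil.java][getPublicKey][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Cert with alias = oidc-signing-cert got expired][][][][][][][][][]
[12/14/2022][19:29:41][19:29:41.798][][][][][][4464][5288][][][][][][][][][][][][OidcCommonUtil.java][encryptJWTToken][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Cert with alias = oidc-signing-cert got expired][][][][][][][][][]
"""

# Constructed FWSTrace sample showing the client-visible symptom.
FWSTRACE_SAMPLE = """\
[12/14/2022][11:36:53][3140][10436][txn-0001][OpenIDConnectTunnelClient.java][callOpenIDConnectAccessTokenRequest][Tunnel result code: 2.]
[12/14/2022][11:36:53][3140][10436][txn-0001][OpenIDConnectServiceBase.java][sendJSONErrorResponse][ Sending error JSON message:
{"error":"invalid_request","error_description":"Internal Server Error."}
with error code:500]
"""

FIELD_RE = re.compile(r"\[([^\]]*)\]")
EXPIRED_RE = re.compile(r"Cert with alias = (?P<alias>.+?) got expired")


@dataclass(frozen=True)
class ExpiredCertEvent:
    date: str
    time: str
    source: str   # Java source file that logged the message
    method: str   # method in that class
    alias: str    # keystore alias of the expired certificate


def parse_fields(line: str) -> List[str]:
    """Split one smtrace line into its bracketed fields (empty fields kept)."""
    return FIELD_RE.findall(line)


def find_expired_cert_events(smtrace_text: str) -> List[ExpiredCertEvent]:
    """Return one event per 'Cert with alias = X got expired' message."""
    events: List[ExpiredCertEvent] = []
    for line in smtrace_text.splitlines():
        m = EXPIRED_RE.search(line)
        if not m:
            continue
        fields = parse_fields(line)
        # The logging class is the first field ending in ".java"; its method follows it.
        src_idx = next((i for i, f in enumerate(fields) if f.endswith(".java")), None)
        if src_idx is None or len(fields) < 2:
            continue
        method = fields[src_idx + 1] if src_idx + 1 < len(fields) else ""
        events.append(ExpiredCertEvent(
            date=fields[0], time=fields[1],
            source=fields[src_idx], method=method,
            alias=m.group("alias").strip(),
        ))
    return events


def expired_aliases(events: List[ExpiredCertEvent]) -> Dict[str, int]:
    """Count expired-cert messages per alias (the alias is what must be renewed)."""
    counts: Dict[str, int] = {}
    for e in events:
        counts[e.alias] = counts.get(e.alias, 0) + 1
    return counts


def fws_tunnel_failed(fwstrace_text: str) -> bool:
    """True when FWS reports tunnel result code 2 and answers with HTTP 500,
    the symptom users see when the Policy Server cannot produce the token."""
    return ("Tunnel result code: 2." in fwstrace_text
            and "with error code:500" in fwstrace_text)


def diagnose(smtrace_text: str, fwstrace_text: str) -> str:
    """Combine both logs into a one-line finding with the remediation hint."""
    events = find_expired_cert_events(smtrace_text)
    if events:
        aliases = ", ".join(sorted(expired_aliases(events)))
        return (f"expired signing certificate: alias {aliases} "
                f"(renew the certificate under this alias)")
    if fws_tunnel_failed(fwstrace_text):
        return ("tunnel failure on FWS but no expired-cert message in smtrace; "
                "enable Policy Server tracing and re-check")
    return "no expired-cert or tunnel-failure indicators found"


if __name__ == "__main__":
    for ev in find_expired_cert_events(SMTRACE_SAMPLE):
        print(f"{ev.date} {ev.time} {ev.source}.{ev.method}: alias={ev.alias}")
    print(diagnose(SMTRACE_SAMPLE, FWSTRACE_SAMPLE))
```

Run it against a real smtrace and FWSTrace by reading the files into the two text arguments of diagnose(); the alias it reports is the one to renew in the Policy Server's certificate store.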