Token Issuer not auto-populated in Multi Factor Authentication Chain authentication scheme
search cancel

Token Issuer not auto-populated in Multi Factor Authentication Chain authentication scheme

book

Article ID: 387605

calendar_today

Updated On:

Products

SITEMINDER VIP Authentication Hub

Issue/Introduction

When selecting the VIP Authentication Hub Authentication Instance under the Secondary Authentication Scheme, the Token Issuer in the ID Token Hint Generation Setup section is typically auto-populated. However, in this case, the auto-population is not functioning, and the Token Issuer is left unpopulated.

The following error was observed in the Admin UI logs:

2025-05-07 12:17:07,876 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - getApplicationId, ApplicationId: ########-####-####-####-############
2025-05-07 12:17:07,876 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - Fetching the VIP Authentication Provider Certificates for Siteminder
2025-05-07 12:17:07,876 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - getAuthHubCertificates, tokenEndpoint: https://###.###.###.###/default/oauth2/v1/token

or

2025-02-04 15:22:56,751 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - getApplicationId, ApplicationId: ########-####-####-####-############
2025-02-04 15:22:56,751 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - Fetching the VIP Authentication Provider Certificates for Siteminder
2025-02-04 15:22:56,751 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - getAuthHubCertificates, tokenEndpoint: https://###.###.###.###/default/oauth2/v1/token
2025-02-04 15:22:56,878 [ERROR] com.ca.siteminder.webadmin.tabs.BaseAuthSchemeGeneralTabPage [] - Fetching the CertAlias of VIP Authentication Application type  = null, Provider Name = VIP_AHfor Siteminder

 

Environment

Siteminder 12.8.x
VIP Authentication Hub 3.2.x, 3.3.x

Cause

There is/are certificate(s) in VIP Authentication Hub which is/are imported without Token Issuer value. Or otherwise the credentials were not loaded up by Siteminder Admin UI

Resolution

First of all, login to VIP Authentication Hub Admin UI, go to Certificates page and make sure there is no certificate item without Token Issuer value. If you have that kind of certificate item, please remove or update/re-import the certificate and make sure to specify Token Issuer value.

If the problem is persisted, do the following steps to workaround this problem.

Login to Siteminder Admin UI and open the VIP Authentication Hub Provider and do the following steps on the Provider tab
   1. Click the [Modify] button
   2. Click the [Test Connection] button and make sure the test is successful
   3. Click the [Save] button

After that, modify the Multi Factor Authentication Chain authentication scheme, deselect and re-select the VIP Authentication Hub Authentication Instance under the Secondary Authentication Scheme.

Powered by Wolken Software