The user logs into the AdminUI and attempts to use the REST API Services using legacy Admin credentials but observes the below error message. (On the REST API screen, observed User Unauthorized message)

- Error message: " [SMRESTAPI_004-Unable to decrypt the JWT token.] "

------ From smrestservices log file:

[2025-02-11 13:50:32][ERROR][SmRestAuthFilter:com.ca.siteminder.sdk.restservlet.filters.SmRestAuthFilter.doFilter(SmRestAuthFilter.java:186)][SMRESTAPI_004-Unable to decrypt the JWT token.]
com.ca.siteminder.sdk.restapi.SmRestException: SmRestException msgId=SMRESTAPI_812 args=[FedOAuthAuthorizationServer], code=812, status=400
    at com.ca.siteminder.sdk.restimpl.ClientSession.resolveClassName(Unknown Source) ~[smrestapi-12.70.jar:?]

Environment: 12.8.xx.xx (Applicable to all the supported releases)
Component: SMAUI (CA siteminder AdminUI)

If there are any xps classes which are not available to rest interface as part of schema definitions in such case it reports SmRestException msgId=SMRESTAPI_812 args=[FedOAuthAuthorizationServer], code=812, status=400

In this case " OAuthAuthorizationServer " XPS class is not available in Policy Store Schema, hence an exception is thrown, that is being caught by outer level function and reported Unable to decrypt the JWT token. The Outer level function or call actually decrypts the token.

To resolve the issue, please import the Policy Store Data Definitions, Default Policy Store Objects and Federation Policy Store Objects by following the below documentation.

- Document reference:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-store.html

After upgrading the Policy Store Instance, please restart all Policy Servers that are communicating with the policy store.

If needed, please use the " XPSExplorer " utility and validate the presence of " OAuthAuthorizationServer " under FED Category.