search cancel

CA API Management Gateway: OTK test client returns the error 'Sorry, but the authorizaton_code has been processed already' when using Siteminder as an Identity Provider

book

Article ID: 8776

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

When configuring OTK with Siteminder for authentication you may receive the error message "Sorry, but the authorizaton_code has been processed already" when generating tokens.

 

 

<Please see attached file for image>

auth_Code.png

Environment

Release:
Component: APIGTW

Cause

The policy, OTK id_token generation, uses the Siteminder attribute, ATTR_USERUNIVERSALID, as the salt value for generating the subject of the id_token.

If this attribute is not set in Siteminder it will fail the policy with a blank salt value.

 

<Please see attached file for image>

salt.png

 

 

Resolution

To resolve the issue you can 

1. Work with the Siteminder administrator to populate the value of USERUNIVERSALID

or

2. Set this to another unique attribute such as userDN. This value always has to be the same value for the same user per IDP.

Attachments

1558700527437000008776_sktwi1f5rjvs16p3i.png get_app