Policy Server :: Google Authentication : An error response was sent from the Authorization Server. Error: invalid_grant

book

Article ID: 91688

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We run Policy Server configured to login with Google, then the login
process fails and returns error :

[Cookies:{}] [Message: { "error" : "invalid_grant", 
"error_description" : "Code was already redeemed." }]] 

How can we solve that ?

Cause

You may experience this issue because the certificates on the CA
Single Sign-On side are not update.
 

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

1) In a command console where you have openssl installed, run the
   below command to get this new root certificate

   openssl s_client -connect www.googleapis.com:443 -showcerts 
 
   Save the Root certificate for "CN=Google Internet Authority G3, O=Google Trust Services, C=US" 

2) Import this root certificate in AdminUI as CA Authorities. 

This will solve the issue.