CA API Management Gateway: OTK test client returns the error 'Sorry, but the authorizaton_code has been processed already' when using Siteminder as an Identity Provider

Document ID : KB000008776
Last Modified Date : 14/02/2018
Issue:

When configuring OTK with Siteminder for authentication, you may receive the error message "Sorry, but the authorizaton_code has been processed already" when generating tokens.

Cause:

The policy, OTK id_token generation, uses the Siteminder attribute, ATTR_USERUNIVERSALID, as the salt value for generating the subject of the id_token.

If this attribute is not set in Siteminder, the salt value is blank and the policy fails.

Resolution:

To resolve the issue, do one of the following:

1. Work with the Siteminder administrator to populate the value of USERUNIVERSALID.

or

2. Set the salt to another unique attribute, such as userDN. This value must always be the same for the same user per IDP.
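
A pre-flight check for either resolution option, as an added example that is not part of the original article or of the OTK policy: it scans per-login attribute records and reports users for whom a candidate salt attribute is blank, changes between logins, or is shared by two users within one IDP. The record layout, the IDP names and the function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: one row per login, as an administrator might export it.
# The field layout and the IDP names are assumptions made for this example.
SAMPLE = [
    {"idp": "sm-prod", "user": "alice", "ATTR_USERUNIVERSALID": "u-1001",
     "userDN": "cn=alice,ou=people,dc=example,dc=com"},
    {"idp": "sm-prod", "user": "bob", "ATTR_USERUNIVERSALID": "",
     "userDN": "cn=bob,ou=people,dc=example,dc=com"},
    {"idp": "sm-prod", "user": "carol",  # attribute missing from the response
     "userDN": "cn=carol,ou=people,dc=example,dc=com"},
    {"idp": "sm-partner", "user": "alice2", "ATTR_USERUNIVERSALID": "u-1001",
     "userDN": "cn=alice,ou=people,dc=example,dc=com"},  # other IDP: allowed
]


def audit_salt_attribute(records, attr):
    """Report why `attr` would be unsafe as the id_token subject salt."""
    blank = set()
    values_by_user = defaultdict(set)  # (idp, user)  -> values seen
    users_by_value = defaultdict(set)  # (idp, value) -> users seen
    for rec in records:
        key = (rec["idp"], rec["user"])
        value = (rec.get(attr) or "").strip()  # whitespace-only counts as blank
        if not value:
            blank.add(key)
            continue
        values_by_user[key].add(value)
        users_by_value[(rec["idp"], value)].add(rec["user"])
    return {
        "blank": sorted(blank),
        "unstable": sorted(k for k, v in values_by_user.items() if len(v) > 1),
        "shared": sorted(k for k, u in users_by_value.items() if len(u) > 1),
    }


def is_usable(report):
    """True only when no user is blank, unstable or sharing a value."""
    return not any(report.values())


if __name__ == "__main__":
    for candidate in ("ATTR_USERUNIVERSALID", "userDN"):
        report = audit_salt_attribute(SAMPLE, candidate)
        print(candidate, "usable" if is_usable(report) else report)
```

On the constructed sample, ATTR_USERUNIVERSALID is reported blank for two users while userDN passes all three checks.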