SaaS Portal Enrollment fails with UniqueKeyConflict message.

Document ID : KB000005377
Last Modified Date : 24/01/2019
Show Technical Document Details
Issue:

The enrollment of a on-premise CA API Gateway with a CA SaaS API Portal fails.

 

When entering the enrollment URL in the SSG Manager, following messages are seen: 

<l7:Mapping action="NewOrUpdate" errorType="UniqueKeyConflict" srcId="efihf84651j156450654984edee" type="POLICY"> 

<l7:Properties> 

<l7:Property key="ErrorMessage"> 

<l7:StringValue>(name) (internalTag, type) must be unique</l7:StringValue> 

</l7:Property> 

</l7:Properties> 

</l7:Mapping> 

 

Cause:

CA API SaaS Portal doesn't support enrollment of a CA API Gateway that has already been used with other CA API Portals or has certain global policy fragments as this will conflict with policy bundle being downloaded as part of enrollment 

The best option is to work with a clean CA API Gateway with OTK installed and then do the enrollment .

Also message-received-policy and message-completed-policy are global policy fragments and can be there only one of each per gateway , so the enrollment of portal will fail as it won't be allowed to create another global message-received policy fragment and/or message-completed-policy.

Resolution:

Delete existing message-received policy and/or message-completed-policy (copy content to a temporary policy).

Enroll with Portal (new message-received-policy and message-completed-policy are created).

Adjust new message-received-policy and/or message-completed-policy by adding the content of the old one(s) into the new one(s).