SaaS Portal Enrollment fails with UniqueKeyConflict message.

Document ID : KB000005377
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

The enrollment of a on-premise CA API Gateway with a CA SaaS API Portal fails.

 

When entering the enrollment URL in the SSG Manager, following messages are seen: 

<l7:Mapping action="NewOrUpdate" errorType="UniqueKeyConflict" srcId="efihf84651j156450654984edee" type="POLICY"> 

<l7:Properties> 

<l7:Property key="ErrorMessage"> 

<l7:StringValue>(name) (internalTag, type) must be unique</l7:StringValue> 

</l7:Property> 

</l7:Properties> 

</l7:Mapping> 

 

Cause:

CA API SaaS Portal doesn't support enrollment of a CA API Gateway that has already been used with other CA API Portals or has certain global policy fragment as this will conflict with policy bundle being downloaded as part of enrollment 

The best option is to work with a clean CA API Gateway with OTK installed and then do the enrollment .

Also message-received-policy is a global policy fragment and can be there only one per gateway , so the enrollment of portal will fail as it won't be allowed to create another global message-received policy fragment.

Resolution:

Delete existing message-received policy (copy content to a temporary policy).

Enroll with Portal (new message-received policy is created).

Adjust new message-received policy by adding the content of the old one into the new one.