

Error When Starting Advanced Authentication Flows

Symptom

When you start Advanced Authentication flows from the Credential Handler Service page, an error message similar to the following appears in the twslogging.log file:

Timestamp - ERROR – RequestHandler – Authentication failed received authToken=…, CalculatedToken=…

Solution

This message may indicate that Advanced Authentication does not have the correct shared secret configured to communicate with Tenant Web Services.

Do the following:

Reset the shared secret, and ensure that the value set for tws.shared.secret in the AOK_OVERLOADED_PROPS database table matches the shared secret in clear text.

If, during the installation of SiteMinder Policy Server, the _aa_tws_shared_secret property in properties.sh was set to a different value, you must make Tenant Web Services and the Credential Handling Service aware of that shared secret:

For the SiteMinder Policy Server, configure the Tenant Web Services shared secret:

  1. cd /opt/CA/AdvancedAuth/Tomcat/webapps/tenant-services/WEB-INF/classes/resources
  2. (optional) dos2unix tenantconfiguration.xml
  3. Edit tenantconfiguration.xml.
  4. Set twssecret to _aa_tws_shared_secret value and make sure isencrypted=false.
  5. Restart Advanced Authentication Tomcat.
  6. Edit tenantconfiguration.xml again.
  7. Copy the now-encrypted shared secret.

Configure the SPS-Credential Handling Service shared secret:

  1. Edit /opt/CA/secure-proxy/Tomcat/webapps/chs/WEB-INF/classes/config/chsConfig.properties.
  2. Set the sharedsecret property to the encrypted shared secret that you copied from tenantconfiguration.xml on the SiteMinder Policy Server (step 7 above).
  3. Restart SPS.
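The two procedures above only work when the encrypted twssecret in tenantconfiguration.xml and the sharedsecret in chsConfig.properties are identical. The following check script is an added example, not CA's own code: it flags the symptom line from twslogging.log and reports whether the two files agree. The element layout of tenantconfiguration.xml (a twssecret element with an isencrypted attribute) and all sample values are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples (not real CA files). The <twssecret isencrypted="..."> layout
# of tenantconfiguration.xml is an assumption based on the names the procedure uses.
TENANT_XML = """<tenantconfiguration>
  <twssecret isencrypted="true">ENCRYPTED-SAMPLE-VALUE</twssecret>
</tenantconfiguration>"""
TENANT_XML_CLEARTEXT = TENANT_XML.replace('"true"', '"false"').replace(
    "ENCRYPTED-SAMPLE-VALUE", "clear-text-secret")
CHS_PROPS = "# constructed chsConfig.properties fragment\nsharedsecret=ENCRYPTED-SAMPLE-VALUE\n"
CHS_PROPS_STALE = "sharedsecret=OLD-SAMPLE-VALUE\n"

# Matches the symptom line quoted from twslogging.log (plain hyphen or en dash).
TOKEN_MISMATCH = re.compile(
    r"ERROR\s*[-\u2013]\s*RequestHandler\s*[-\u2013]\s*Authentication failed received authToken=")

def count_token_mismatches(log_text):
    """Number of twslogging.log lines reporting authToken != CalculatedToken."""
    return sum(1 for line in log_text.splitlines() if TOKEN_MISMATCH.search(line))

def read_tws_secret(xml_text):
    """Return (twssecret value, isencrypted flag) from tenantconfiguration.xml."""
    node = ET.fromstring(xml_text).find(".//twssecret")
    if node is None:
        raise ValueError("no twssecret element found")
    return (node.text or "").strip(), node.get("isencrypted", "false").lower() == "true"

def read_chs_secret(props_text):
    """Return the sharedsecret value from a Java .properties file (key=value lines)."""
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        if key.strip() == "sharedsecret":
            return value.strip()
    raise ValueError("no sharedsecret property found")

def check_shared_secret_sync(xml_text, props_text):
    """Return a list of findings; an empty list means TWS and CHS agree."""
    findings = []
    tws_secret, encrypted = read_tws_secret(xml_text)
    if not encrypted:
        findings.append("twssecret is still clear text (isencrypted=false): restart Tomcat first")
    if read_chs_secret(props_text) != tws_secret:
        findings.append("chsConfig.properties sharedsecret differs from twssecret: copy the encrypted value")
    return findings

if __name__ == "__main__":
    for finding in check_shared_secret_sync(TENANT_XML, CHS_PROPS_STALE):
        print(finding)
```

Point the functions at the real files under /opt/CA/AdvancedAuth and /opt/CA/secure-proxy after step 7 of the first procedure to confirm the copied value landed intact.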

Check Tenant Web Services

To obtain tenant information, Tenant Web Services invokes the Identity Minder tenant Web Service. Check its configuration in the tenant user console.

Follow these steps:

  1. Navigate to System, Web Services, Modify Web Service.
  2. Search for and then select the Web Service object.
  3. On the Security tab, make sure to clear the Require Secure Communication option.

Increase the Log Level

If the problem persists after you check the configuration, perform the following steps:

  1. Increase the Tenant Web Services logging level:
    1. Connect to the SiteMinder Policy Server/Advanced Authentication server.
    2. Edit /opt/CA/AdvancedAuth/Tomcat/webapps/tenant-services/WEB-INF/classes/resources/webserviceslogger.properties to set the log level to DEBUG.
    3. Restart the Advanced Authentication Tomcat server.
  2. Replay the use case.
  3. Review twslogging.log, located by default in /opt/CA.