Symantec Access Management

Tech Tip : CA Single Sign-On : Policy Server :: Google Authentication : An error response was sent from the Authorization Server. Error: invalid_grant

  • 1.  Tech Tip : CA Single Sign-On : Policy Server :: Google Authentication : An error response was sent from the Authorization Server. Error: invalid_grant

    Posted 04-17-2018 05:06 AM

    Issue:


    We run Policy Server configured to login with Google, then the login
    process fails and returns error :

    [Cookies:{}] [Message: { "error" : "invalid_grant",
    "error_description" : "Code was already redeemed." }]]

    How can we solve that ?

     

    Cause:

     

    You may experience this issue because the certificates on the CA
    Single Sign-On side are not update.

     

    Resolution:

     

     

    1) In a command console where you have openssl installed, run the
    below command to get this new root certificate

    openssl s_client -connect www.googleapis.com:443 -showcerts

    Save the Root certificate for "CN=Google Internet Authority G3, O=Google Trust Services, C=US"

    2) Import this root certificate in AdminUI as CA Authorities.

    This will solve the issue.

     

     

    KB : KB000091688