Patrick-Dussault

Tech Tip : CA Single Sign-On : Policy Server :: Google Authentication : An error response was sent from the Authorization Server. Error: invalid_grant

Discussion created by Patrick-Dussault Employee on Apr 17, 2018

Issue:


We run Policy Server configured to login with Google, then the login
process fails and returns error :

[Cookies:{}] [Message: { "error" : "invalid_grant",
"error_description" : "Code was already redeemed." }]]

How can we solve that ?

 

Cause:

 

You may experience this issue because the certificates on the CA
Single Sign-On side are not update.

 

Resolution:

 

 

1) In a command console where you have openssl installed, run the
below command to get this new root certificate

openssl s_client -connect www.googleapis.com:443 -showcerts

Save the Root certificate for "CN=Google Internet Authority G3, O=Google Trust Services, C=US"

2) Import this root certificate in AdminUI as CA Authorities.

This will solve the issue.

 

 

KB : KB000091688

Outcomes