This "retry with a new valid code or use an existing refresh token" seems to be related to the application server. If you're using IBM WebSphere, I would recommend opening a case with them. Someone from their Security team can look at the proper logs generated by WebSphere with SSO flags on.
This error does not seem to be related to the TRIRIGA SSO Configuration itself. I hope this helps.
------------------------------
Giuliano Schmidt
------------------------------
Original Message:
Sent: Sun June 09, 2024 10:01 PM
From: Thanusanth Srilavarasan
Subject: TRIRIGA 4.5.3 SSO Login Error
After updating our platform from version 4.5.2 to 4.5.3, we are encountering an error message during SSO login.
Users can successfully use the SSO link without any issues. However, the subsequent service call immediately results in a 401 unauthorized error.
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Trace ID: f00f5f95-f822-4ad6-9cd4-27825f6b5500
Correlation ID: f22dd1fe-fd8e-4261-972e-e7b6838b39ab
Timestamp: 2024-06-10 01:54:40Z
Could this issue be due to a specific configuration in the customer's TRIRIGA instance? Why is their TRIRIGA instance rejecting this call?
Any assistance or insights would be greatly appreciated.
------------------------------
Thanusanth Srilavarasan
------------------------------