SAP Knowledge Base Article - Preview

2906040 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant. BasicAuthentication is set

Symptom

  • Provisioning users with Identity Provisioning (IPS) from/to Identity Authentication fails.
  • In the job log, the following error message is displayed:

Cannot execute provisioning job in tenant context: xxx
Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Error during execution on behalf of tenant with ID: xxx
Caused by: com.sap.security.iag.provisioning.ProvisioningException: Can not read entities from source system: 'xxx'
Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking <url> with statusCode: 403

or 

error=org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https://<tenant ID> .accounts.ondemand.com/service/scim/Users/<Administrator User ID>with statusCode: 403, Response: ,

  • In the Identity Authentication source or target system, the property "Authentication" is set with value "BasicAuthentication".
    If the property "Authentication" is set with value "ClientCertificateAuthentication", then see KBA 3358820 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant due to wrong certificate mapping.


Read more...

Environment

  • Identity Provisioning
  • Identity Authentication

Product

Identity Provisioning 1.0

Keywords

ips, iam, ids, ias, job log, provision, sync, cannot read, 403, failed to invoke, error code, Target System returned Forbidden status, Unable to update scim user email because caller is not privileged admin , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.