2906040 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant

Symptom

Provisioning users with Identity Provisioning (IPS) from/to Identity Authentication fails.

In the job log, the following error message is displayed:

Cannot execute provisioning job in tenant context: xxx
Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Error during execution on behalf of tenant with ID: xxx
Caused by: com.sap.security.iag.provisioning.ProvisioningException: Can not read entities from source system: 'xxx'
Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking <url> with statusCode: 403

or

error=org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https://<tenant ID> .accounts.ondemand.com/service/scim/Users/<Administrator User ID>with statusCode: 403, Response: ,

Environment

Identity Provisioning
Identity Authentication

Product

Identity Provisioning 1.0

Keywords

ips, iam, ids, ias, job log, provision, sync, cannot read, 403, failed to invoke, error code, Target System returned Forbidden status , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.