Symptom
While replicating the employee masterdata, the followed error below is logged in the SL1 transaction:
Query has response with status Failed; ECPAO_QRY_ADM table updated
adapter.oauth.token.saml.SAMLAuthent
Environment
- SAP ERP 6.0
- SAP enhancement package 1 for SAP ERP 6.0
- SAP enhancement package 2 for SAP ERP 6.0
- SAP enhancement package 3 for SAP ERP 6.0
- SAP enhancement package 4 for SAP ERP 6.0
- SAP enhancement package 5 for SAP ERP 6.0
- SAP enhancement package 6 for SAP ERP 6.0
- SAP enhancement package 7 for SAP ERP 6.0
- SAP enhancement package 8 for SAP ERP 6.0
- PA_SE_IN Addon - Business Integration Builder
Reproducing the Issue
- Run report ECPAO_EE_ORG_REPL_QUERY
- Select a variant or fill the mandatory entries
- Check the logs in SLG1
Cause
errorMessage":"Unable to authenticate the client (Login failed - login from this IP address xxx.xxx.xxx.xxx is prohibited."
Resolution
- Revise the logs error in SLG1
- Collect the message error in the SRTUTIL/SXI_MONITOR transaction for the interface EmployeeMasterDataAndOrgAssignmentBundleReplicationRequest_In
Message error can be checked in the XML file with the string:
com.sap.it.rt.adapter.oauth.token.saml.SAMLAuthenticationException: Exception occured while fetching SAML OAuth Token. Reason: status code: 401, reason phrase: {"errorHttpCode":"401","errorMessage":"Unable to authenticate the client (Login failed - login from this IP address xxx.xxx.xxx.xx is prohibited. You can set an API login exception to allow login from this IP address. - Add IP address (or IP address Range) on the IP Restriction Management, through Admin Centre > Tools.
For more information, read documentation: SAP Help Blog | Restricting API Access by IP Addresses or IP Address Ranges
Keywords
SAMLAuthenticationException, SAMLAuthent, SLG1, adapter.oauth.token.saml.SAMLAuthent , KBA , LOD-EC-INT-EE , Employee Integration EC to ERP On Premise , Problem
Product
SAP SuccessFactors HXM Core 2211