SAP Knowledge Base Article - Public

3333286 - IPS (Identity Provisioning service) fails to connect to SuccessFactors with: "Invalid client certificate"

Symptom

  • You have configured IPS to use ClientCertificateAuthentication as described in the IPS documentation - Identity Provisioning - Prerequisites
  • The certificate has been uploaded to SuccessFactors
  • When running the scenario, you receive the following error:
    • Authentication service failed to return token.","details":"[AUTH0032]Invalid client certificate" 

Environment

SAP SuccessFactors HXM Suite

  • Odata API
  • IPS (Identity Provisioning Service)

Reproducing the Issue

  1. SuccessFactors Security Center -> X.509 Public Certificate Mapping" -> chose Identity Provisioning
  2. Upload the certificate
  3. Run the scenario
  4. Error "[AUTH0032]Invalid client certificate" is shown

Cause

If the error relates to "Invalid client certificate", there are 2 possible reasons.

  1. Http Request has no certificate header “X-CLIENT-CERT” or incorrect certificate.
  2. Http Request has no “successfactors-companyid” or the incorrect company id was input

Resolution

  1. Double check that the certificate has a header “X-CLIENT-CERT”
  2. Check that the certificate used is the correct one
  3. Check that the tenant name is correct

See Also

Identity Provisioning - Prerequisites

Keywords

Invalid client certificate, Identity Provisioning service, IPS, ODATA , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-IAS , Identity Authentication Services (IAS) With BizX , Problem

Product

SAP SuccessFactors HCM Suite all versions