Symptom
- You have configured IPS to use ClientCertificateAuthentication as described in the IPS documentation - Identity Provisioning - Prerequisites
- The certificate has been uploaded to SuccessFactors
- When running the scenario, you receive the following error:
- Authentication service failed to return token.","details":"[AUTH0032]Invalid client certificate"
Environment
SAP SuccessFactors HXM Suite
- Odata API
- IPS (Identity Provisioning Service)
Reproducing the Issue
- SuccessFactors Security Center -> X.509 Public Certificate Mapping" -> chose Identity Provisioning
- Upload the certificate
- Run the scenario
- Error "[AUTH0032]Invalid client certificate" is shown
Cause
If the error relates to "Invalid client certificate", there are 2 possible reasons.
- Http Request has no certificate header “X-CLIENT-CERT” or incorrect certificate.
- Http Request has no “successfactors-companyid” or the incorrect company id was input
Resolution
- Double check that the certificate has a header “X-CLIENT-CERT”
- Check that the certificate used is the correct one
- Check that the tenant name is correct
See Also
Keywords
Invalid client certificate, Identity Provisioning service, IPS, ODATA , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-IAS , Identity Authentication Services (IAS) With BizX , Problem
Product
SAP SuccessFactors HCM Suite all versions