3358820 - IPS job fails with HTTP code 403/401 when provisioning from/to an Identity Authentication tenant. ClientCertificateAuthentication is set

• In IPS, IAS source system/target system was configured with client certificate authentication(property "Authentication": "ClientCertificateAuthentication").
  
  

In ips_jobErrorLogs_<job ID>_<date><time>.zip file, the following 403/401 error can be seen:

error=org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https: //<tenant id>.accounts.ondemand.com/service/scim/Users with statusCode: 403, Response: ,

or

error=HTTP operation failed invoking https://<tenant id>.accounts.ondemand.com/service/scim/Users with statusCode: 401, Response: ,

or

Caused by: HTTP operation failed invoking https://<tenantid>.accounts.cloud.sap/scim/Users?startId=initial&count=100 with statusCode: 401 and body {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"401","detail":"Authentication credentials are invalid or not allowed for this endpoint."} 
Caused by: HTTP operation failed invoking https://<tenantid>.accounts.cloud.sap/scim/Users?startId=initial&count=100 with statusCode: 401, Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"401","detail":"Authentication credentials are invalid or not allowed for this endpoint."}

• If basic authentication (property "Authentication": "BasicAuthentication") is set, then see KBA 2906040 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant. BasicAuthentication is set.

• Identity Provisioning
• Identity Authentication

ips, iam, ids, ias, job log, provision, sync, cannot read, 403, 401, failed to invoke, error code, Target System returned Forbidden status, client certificate, x.509, expire, expired, certificate , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , BC-IAM-IDS , Identity Authentication Service , Problem