Question

OAuth2 ADFS token issue: Signature of the provided id token could not be validated against the public signing keys of the identity provider

  • 28 November 2022
  • 4 replies
  • 256 views


Hello

I’m trying to consume IFS REST API for integration purposes.

We’ve set up ADFS as identity provider. I was able to get an id token, but when calling GET on the CurrencyTypeSet projection I’m getting 401 Unauthorized. I also noticed an error in the WWW-Authenticate response header: error_description="fbdb0e4e-d282-43ac-93b3-5ddf10abc923: Signature of the provided id token could not be validated against the public signing keys of the identity provider."

What to check to solve the issue?


4 replies


I think the proper question would be how to obtain a token from ADFS, since the one I obtained is most likely from IFS IDP (according to OAuth Invalid Signature | IFS Community and dsj23 website IFS Authentication flow with OAuth and OpenID Connect – DSJ's Blog (dsj23.me))


Finally I was able to solve the issue: I was authenticating with the IFS DB identity provider, but I should have authenticated with ADFS. Once I obtained a token from ADFS I was able to authorize requests.


Hello. I’m having the exact same problem. I’ve used https://[domain]/openid-connect-provider/idp/token to get the token and since it gave that error, I tried with https://login.microsoftonline.com/[tenant_ID]/oauth2/token and still didn’t work.

Can you share how you managed it?


Thanks


Hello

It depends on how the identity manager is configured in IFS.

In our case it’s ADFS (on-premise), not Azure AD.

I had to authorize the /token request with the Basic method (the user is the IFS application ID, i.e. the native client id defined in ADFS, with no password) and put 4 key-value pairs in the body (www-form-urlencoded):

“grant_type” = “password”

“resource” = api://<INSTANCE_NAME>

“username” = IFS account directory_id

“password” = IFS account password

Additionally, added a request header: "Content-Type": "application/x-www-form-urlencoded"

Please, refer to below docs page for further explanation: 
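The ADFS request described in the reply above, together with a quick check of the token's issuer claim (the thread's 401 came from a token minted by the IFS IDP rather than ADFS), as an added example that is not part of the original post. The ADFS endpoint, expected issuer and client id are assumed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Assumed placeholders, not values from the thread.
ADFS_TOKEN_URL = "https://adfs.example.com/adfs/oauth2/token"
EXPECTED_ISSUER = "https://adfs.example.com/adfs/services/trust"


def basic_auth_header(client_id):
    """Basic credential with the client id as user and an empty password."""
    return "Basic " + base64.b64encode(f"{client_id}:".encode()).decode()


def build_adfs_token_request(client_id, resource, username, password):
    """Assemble the /token request from the reply: Basic header plus the four
    form-encoded fields (grant_type, resource, username, password)."""
    headers = {
        "Authorization": basic_auth_header(client_id),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "password",
        "resource": resource,
        "username": username,
        "password": password,
    })
    return {"url": ADFS_TOKEN_URL, "headers": headers, "body": body}


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(token):
    """Return the (unverified) 'iss' claim of a JWT; a wrong issuer explains a
    signature-validation failure before any key lookup is attempted."""
    _header, payload, _sig = token.split(".")
    return json.loads(_b64url_decode(payload)).get("iss")


def issued_by_expected_idp(token, expected_issuer=EXPECTED_ISSUER):
    return token_issuer(token) == expected_issuer


def make_sample_jwt(claims):
    """Constructed, unsigned sample token for offline illustration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'kid': 'constructed'})}.{enc(claims)}."
```

Send the returned request with any HTTP client; the issuer check is meant for the token you get back, before presenting it to the IFS projection.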
