REST-API with ADS user account as Authentication Module --> 401 Unauthorized


we use the One Identity Manager version 8.0.5.

We have a first use case that involves using the REST API. In our development and test environment, the REST calls work using the system user as authentication method.
In production, however, the ADS user account (role-based) method is to be used, which is currently not yet successful.

If you call up the BaseURL of the application server you get to the login page, if you then switch the method there to "ADS user account (role based)" or "ADS user account", the message appears
that an error has occurred.
If we try PowerShell, as indicated in the examples, the error message appears
Invoke-RestMethod: The remote server returned an error: (401) Unauthorized.

What can be the reason? What other configuration should we check?

In the IIS, Anonymous Authentication and Windows Authentication are currently enabled as authentication.

Thank you for any hints

Parents Reply Children
  • No problem, Markus.

    In the meantime we've tried a new server and managed to do it.

    The configuration with SSL works. And the search index also seems to be built correctly, what the lines tell me

    INFO (Indexing ) : Index is incomplete (100%); indexing will continue in 3000 ms

    Take the opportunity to ask some more questions:
    - is there a limit to the number of app servers with search indexes?
    - Lines like this keep appearing in the log

    INFO (AppServer ) : Could not find authentication data for session 2C72CXU2KtSQCpPAl397, it may have expired

    what do they mean?

  • is there a limit to the number of app servers with search indexes?

    No there is no limit. By default, every application server you are installing contains a search indexer. But you should have in mind, that every indexer put some additional load (a small one) onto the database.

    The error message could be caused by connection attempts using a session cookie, where the session has already expired.