Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.
Please consider addressing the following when creating your topic:
Tried to configure AI-Driven Identity Security in IIQ to integrate the ISC tenant for recommendation and GenAI, however I am getting an error. GenAI failed to connect: Failed to connect with OAuth token provider at host ``https://xxxxxx.api.identitynow-demo.com`` : javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Configurations are correct, client id and secret is working fine via postman.
Hi @kannan_sb85 - It can’t find the cert for some reason. Are you going through a proxy? One thing you may try is exporting the cert from your tenant url. Click the lock in your browser bar next to https and export that certificate. Then import it into your keystore.
Hi Ryan, I have not using the proxy, the tenant is demo only from the Ambassador and when I checked the certificate it is still valid till july 2026. I have imported the certificate in the keystore, still it is not working, is there any solution or does it related with the tenant issue? The GenAI testconnection is working, but not the AI-Driven Configuration
Unfortunately, there is still no success I am getting the same connection failed error 401. what is confusing is that the GenAI test connection works using the same client ID, secret, and endpoint. Despite that, the main connection continues to fail, which makes the issue quite challenging.
I had seen a very similar issue a few months back
In that case, configuring only the API Management Client ID/Secret in ISC was not enough for the complete AI-Driven Identity Security setup.
Since your GenAI Test Connection is already working, it looks like the credentials and endpoint are probably correct
You may want to verify whether the remaining ISC-side onboarding steps are also completed, especially things like:
Creating an IdentityIQ Data Source for Connectivity with AI-Driven Identity Security
Configuring IdentityIQ for Access Modeling
Generating Client Credentials in Your Tenant
Importing the init-ai.xml File
Configuring AI-Driven Identity Security in IdentityIQ
Installing the Access Modeling Plugin
Configuring Automatic Role Creation in IdentityIQ
Integrating Access Recommendations for IdentityIQ
Of course, you may already have some of these configured, but based on the behavior and the 401 during the main integration flow, it might be worth double-checking those sections once.
The official guide explains the remaining setup steps very well:
@santhirajumunganda - Thanks Raju. I was tried and followed this guide and in my demo tenant I could not see that data source to add that up. Is there something issue with my tenant or I missed any configuration in specific?