I am using the MIP SDK to try to decrypt rpmsg files. I have this working in my environment, but I cannot get it to work in my customer's environment. At this stage, the call to create a file handler fails with this log trace:
Error 2022-04-28 11:11:08.849 http_director_impl.cpp:258 LinkWorksite (2960) "HTTP operation failed Failed with: [AccessDeniedError: 'The service didn't accept the auth token. Challenge:['Bearer realm=""api.rms.rest.com"", authorization=""https://adfs.rrrrrrr.com/adfs/oauth2/authorize""']']" mipns::HttpDirectorImpl::OnHttpOperationFailed 4660
Error 2022-04-28 11:11:08.849 protection_engine_impl.cpp:797 LinkWorksite (2960) "Failed API call: protection_engine_create_consuming_protection_handler Failed with: [AccessDeniedError: 'The service didn't accept the auth token. Challenge:['Bearer realm=""api.rms.rest.com"", authorization=""https://adfs.rrrrrrr.com/adfs/oauth2/authorize""'], CorrelationId=c824d818-37ad-4309-b327-051da5e2f477, CorrelationId.Description=ProtectionEngine']" mipns::ProtectionEngineImpl::CreateProtectionHandlerForConsumption 4660
Warning 2022-04-28 11:11:08.849 common/api_utils.h:249 LinkWorksite (2960) "Start calling error callback for API: protection_engine_create_consuming_protection_handler" mipns::TryExecuteFailureCallback::<lambda_ee801bdedc20f37e6b5feb9b736714ff>::operator () 4660
Warning 2022-04-28 11:11:08.849 common/api_utils.h:251 LinkWorksite (2960) "Ended calling error callback for API: protection_engine_create_consuming_protection_handler" mipns::TryExecuteFailureCallback::<lambda_ee801bdedc20f37e6b5feb9b736714ff>::operator () 4660
Trace 2022-04-28 11:11:08.849 oneds_telemetry_delegate.cpp:40 LinkWorksite (2960) "OneDSTelemetryDelegate::WriteEvent(protection_engine_create_consuming_protection_handler)" mipns::OneDSTelemetryDelegate::WriteEvent 4660
Trace 2022-04-28 11:11:08.849 oneds_helper.cpp:293 LinkWorksite (2960) "OneDsHelper::WriteEvent(protection_engine_create_consuming_protection_handler)" mipns::OneDSHelper::WriteTelemetryEvent 4660
Info 2022-04-28 11:11:08.849 diagnostic_utils.cpp:73 LinkWorksite (2960) "Send Telemetry. Event Name : [protection_engine_create_consuming_protection_handler]
App.ApplicationId: [adfasefas-9023-4a44-9a5e-9369d10bdbb5], Pii: [None]
App.ApplicationName: [Link Documents MIP Integration], Pii: [None]
App.ApplicationVersion: [2.1.1], Pii: [None]
App.SessionId: [], Pii: [None]
Engine.SessionId: [], Pii: [None]
Event.CorrelationId: [c824d818-37ad-4309-b327-051da5e2f477], Pii: [None]
Event.CorrelationIdDescription: [ProtectionEngine], Pii: [None]
Event.Duration: [0.569734], Pii: [None]
Event.ErrorType: [AccessDeniedError], Pii: [None]
Event.Failed.File: [src\protection\api_impl\protection_engine_impl.cpp], Pii: [None]
Event.Failed.Func: [mipns::ProtectionEngineImpl::CreateProtectionHandlerForConsumption::<lambda_a8fc66003c9962d3cc715d8ff0880d0a>::operator ()], Pii: [None]
Event.Failed.Line: [727], Pii: [None]
Event.Failed.Message: [Failed to create protection handler. Failed with: [AccessDeniedError: 'The service didn't accept the auth token. Challenge:['Bearer realm=""api.rms.rest.com"", authorization=""https://adfs.rrrrrrr.com/adfs/oauth2/authorize""'], CorrelationId=c824d818-37ad-4309-b327-051da5e2f477, CorrelationId.Description=ProtectionEngine']], Pii: [None]
Event.ParentCorrelationId: [50c0b566-3e8c-4308-8518-6b0ee17ac510], Pii: [None]
Event.ParentCorrelationIdDescription: [ProtectionProfile], Pii: [None]
Event.UniqueId: [7805865d-bd65-4e0c-8097-5e36ca195739], Pii: [None]
EventInfo.Level: [10], Pii: [None]
EventInfo.PrivTags: [33554432], Pii: [None]
MIP.Version: [1.11.64], Pii: [None]
PL.KeyType: [Single], Pii: [None]
iKey: [ce9aa5fb5a414ecebb15af10715bd8ff-831d197e-fc97-4df6-b998-c8c13a0fc3ce-6768], Pii: [None]
" mipns::WriteTelemetryEventToLog 4660
Info 2022-04-28 11:11:08.849 protection_engine_impl.cpp:797 LinkWorksite (2960) "Ended API call: protection_engine_create_consuming_protection_handler" mipns::ProtectionEngineImpl::CreateProtectionHandlerForConsumption 4660
At first glance, it appears that the AD FS setup must be incorrect. However, I have gone back and forth through the documentation without any clear idea how this could happen. Any advice or experience with this issue and how to resolve it would be very helpful.
It turns out that the problem here was an expired "Trusted User Domain" certificate. Take a look here for a full explanation:
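For anyone triaging the same trace, the following is an added example (not part of the question or the answer above, and not MIP SDK code) that parses the SDK's log format and pulls the fields that matter from an AccessDeniedError: the API that failed, the Bearer challenge's realm and authorization endpoint, and the CorrelationId to quote in a support case. The sample log is constructed from the lines quoted in the question; the multi-line telemetry entry is included so the parser has to stitch continuation lines back onto the entry they belong to.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, shaped like the MIP SDK lines quoted in the question:
# level, timestamp, source file:line, process (pid), "message", function, thread id.
# The "Send Telemetry" entry spans several lines and is closed by the line that
# starts with a quote, so the parser must treat those lines as one entry.
SAMPLE_LOG = """\
Error 2022-04-28 11:11:08.849 http_director_impl.cpp:258 LinkWorksite (2960) "HTTP operation failed Failed with: [AccessDeniedError: 'The service didn't accept the auth token. Challenge:['Bearer realm=""api.rms.rest.com"", authorization=""https://adfs.rrrrrrr.com/adfs/oauth2/authorize""']']" mipns::HttpDirectorImpl::OnHttpOperationFailed 4660
Error 2022-04-28 11:11:08.849 protection_engine_impl.cpp:797 LinkWorksite (2960) "Failed API call: protection_engine_create_consuming_protection_handler Failed with: [AccessDeniedError: 'The service didn't accept the auth token. Challenge:['Bearer realm=""api.rms.rest.com"", authorization=""https://adfs.rrrrrrr.com/adfs/oauth2/authorize""'], CorrelationId=c824d818-37ad-4309-b327-051da5e2f477, CorrelationId.Description=ProtectionEngine']" mipns::ProtectionEngineImpl::CreateProtectionHandlerForConsumption 4660
Warning 2022-04-28 11:11:08.849 common/api_utils.h:249 LinkWorksite (2960) "Start calling error callback for API: protection_engine_create_consuming_protection_handler" mipns::TryExecuteFailureCallback::<lambda_ee801bdedc20f37e6b5feb9b736714ff>::operator () 4660
Info 2022-04-28 11:11:08.849 diagnostic_utils.cpp:73 LinkWorksite (2960) "Send Telemetry. Event Name : [protection_engine_create_consuming_protection_handler]
Event.CorrelationId: [c824d818-37ad-4309-b327-051da5e2f477], Pii: [None]
Event.ErrorType: [AccessDeniedError], Pii: [None]
MIP.Version: [1.11.64], Pii: [None]
" mipns::WriteTelemetryEventToLog 4660
Info 2022-04-28 11:11:08.849 protection_engine_impl.cpp:797 LinkWorksite (2960) "Ended API call: protection_engine_create_consuming_protection_handler" mipns::ProtectionEngineImpl::CreateProtectionHandlerForConsumption 4660
"""

# A new entry begins with a level word and a date; anything else is a continuation line.
ENTRY_START = re.compile(r"^(?:Error|Warning|Info|Trace|Debug|Verbose) \d{4}-\d{2}-\d{2} ")

# Whole-entry shape. The message is greedy so that doubled quotes inside it
# (realm=""..."") do not end it early; the trailing function and thread id anchor the end.
ENTRY_RE = re.compile(
    r'^(?P<level>\w+) '
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) '
    r'(?P<src>\S+) (?P<proc>\S+) \((?P<pid>\d+)\) '
    r'"(?P<msg>.*)" (?P<func>.+?) (?P<tid>\d+)$',
    re.DOTALL,
)

ERROR_TYPE_RE = re.compile(r"\[(?P<etype>[A-Za-z]+Error): ")
# Accept either a single or a doubled quote around the challenge values.
CHALLENGE_RE = re.compile(
    r'Bearer realm="{1,2}(?P<realm>[^"]+)"{1,2}, authorization="{1,2}(?P<authz>[^"]+)"{1,2}'
)
CORRELATION_RE = re.compile(r"CorrelationId=(?P<cid>[0-9a-fA-F-]{36})")
API_RE = re.compile(r"Failed API call: (?P<api>\S+) ")


@dataclass
class LogEntry:
    level: str
    timestamp: str
    source: str
    message: str
    function: str


@dataclass
class AuthFailure:
    timestamp: str
    source: str
    error_type: str
    api: Optional[str]
    realm: Optional[str]
    authorization_endpoint: Optional[str]
    correlation_id: Optional[str]


def parse_entries(text: str) -> List[LogEntry]:
    """Group lines into entries (continuation lines join the previous entry), then parse each."""
    chunks: List[List[str]] = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not chunks:
            chunks.append([line])
        else:
            chunks[-1].append(line)
    entries: List[LogEntry] = []
    for chunk in chunks:
        m = ENTRY_RE.match("\n".join(chunk))
        if not m:
            continue  # unrecognised shape: skip rather than guess at the fields
        entries.append(LogEntry(m["level"], m["ts"], m["src"], m["msg"], m["func"]))
    return entries


def find_auth_failures(text: str) -> List[AuthFailure]:
    """Return one record per Error entry that carries a typed error, with the
    Bearer challenge and CorrelationId extracted when the message has them."""
    failures: List[AuthFailure] = []
    for e in parse_entries(text):
        if e.level != "Error":
            continue
        et = ERROR_TYPE_RE.search(e.message)
        if not et:
            continue
        ch = CHALLENGE_RE.search(e.message)
        cid = CORRELATION_RE.search(e.message)
        api = API_RE.search(e.message)
        failures.append(AuthFailure(
            timestamp=e.timestamp,
            source=e.source,
            error_type=et["etype"],
            api=api["api"] if api else None,
            realm=ch["realm"] if ch else None,
            authorization_endpoint=ch["authz"] if ch else None,
            correlation_id=cid["cid"] if cid else None,
        ))
    return failures


def summarize(failures: List[AuthFailure]) -> str:
    """One line per failure: what failed, which realm rejected the token, which
    authorization endpoint it named, and the CorrelationId to quote to support.
    The challenge says where the token was rejected, not why: in this thread the
    cause turned out to be an expired Trusted User Domain certificate, which the
    log never names, so these fields are the pivot for the case, not the diagnosis."""
    lines = []
    for f in failures:
        lines.append(
            f"{f.timestamp} {f.error_type} api={f.api or '-'} realm={f.realm or '-'} "
            f"authz={f.authorization_endpoint or '-'} correlation={f.correlation_id or '-'}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(find_auth_failures(SAMPLE_LOG)))
```

Run it against a real trace by reading the SDK log file into `find_auth_failures`; the telemetry entries also carry `Event.CorrelationId` and `MIP.Version`, which stay inside the parsed message of the matching Info entry if you want to correlate the two.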