IBM Support

Questions on authentication methods in ACE MS SharePoint

Question & Answer


Question

Clarification on questions about how MS SharePoint connector works in ACE.
As per documentation on usage of MS SharePoint in ACE, we can observe 2 methods are available
  • Provide credentials for App Connect to use (BASIC OAUTH)
  • Provide credentials for App Connect to use (SAML)
1) When using the Basic OAuth option, using Postman (or an equivalent tool), we can obtain the needed access token and refresh tokens from Azure AD, and then paste these into the configuration screen (together with SharePoint URL, Client ID and Client Secret).
Now in Azure AD, access tokens typically expire every 60-75 minutes, and refresh tokens (outside of Single Page Apps) have an expiry of 90 days.
In typical OAuth2 fashion, the refresh token can be used to generate a new access token (when it expires) which in turn also includes an auto-renewal of the refresh token.
See "When a client acquires an access token to access a protected resource, the client also receives a refresh token." as outlined in https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens
Our specific questions are as follows:
a) Behind the scenes, does the IBM ACE SharePoint connector proactively interact with Azure AD to automatically request and use new access tokens (when they expire, or just before they expire every 60-75 minutes)?
b) Behind the scenes, does the IBM ACE SharePoint connector store the newly generated refresh token each and every time a new access token is obtained, and so ultimately we end up with a rolling 90-day expiry of the refresh token that keeps extending out and out as the integration flow is used each day?

c) Or does the IBM ACE SharePoint connector just keep the original refresh token pasted initially by the developers, in which case it will expire every 90 days, and thus require manual operational tasks to generate and paste in a new one circa 4 times per year (i.e. every 89 days!)?

2) Separately, we like the simplicity of the "Provide credentials for App Connect to use (SAML)" option, whereby we simply provide an appropriate username and password as authentication, which in turn will under the covers send an authentication request to Azure AD, ultimately retrieving a SAML token from Azure AD for subsequent presenting with the SharePoint requests. In the same vein as my earlier questions, does the IBM ACE SharePoint Connector automatically deal with the renewal of such SAML tokens if/when they expire, submitting the stored username/password behind the scenes to obtain new SAML tokens, all hidden and seamless to the Integration flow?
3) There seems to be limited documentation on these authentication aspects of the IBM ACE SharePoint connector. Are there more articles or documentation about this Connector?
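
The operational difference between behaviours (b) and (c) in the question above, as an added example that is not part of the original question and is not IBM's connector code. `FakeTokenEndpoint` is a constructed stand-in for a token endpoint, `TokenManager` is a hypothetical client, and the 60-minute access token lifetime and 300-second renewal margin are assumptions; the 90-day refresh token lifetime is the figure given in the question.

```python
import secrets

DAY = 86400
ACCESS_TTL = 3600          # assumed 60-minute access token
REFRESH_TTL = 90 * DAY     # 90-day refresh token, as stated in the question

class FakeTokenEndpoint:
    """Constructed stand-in for an OAuth2 token endpoint; refresh() models
    grant_type=refresh_token and rejects unknown or expired refresh tokens."""
    def __init__(self):
        self.refresh_expiry = {}  # refresh token -> absolute expiry time
    def issue(self, now):
        rt = secrets.token_hex(8)
        self.refresh_expiry[rt] = now + REFRESH_TTL
        return {"access_token": secrets.token_hex(8),
                "expires_in": ACCESS_TTL, "refresh_token": rt}

    def refresh(self, refresh_token, now):
        if self.refresh_expiry.get(refresh_token, 0) <= now:
            raise PermissionError("invalid_grant: refresh token expired")
        return self.issue(now)

class TokenManager:
    """Hypothetical client-side token handling."""
    def __init__(self, endpoint, initial, now, store_rotated, skew=300):
        self.endpoint, self.store_rotated, self.skew = endpoint, store_rotated, skew
        self.access_token = initial["access_token"]
        self.refresh_token = initial["refresh_token"]
        self.access_expiry = now + initial["expires_in"]

    def get_access_token(self, now):
        # Proactive renewal: refresh `skew` seconds before the access token expires.
        if now >= self.access_expiry - self.skew:
            resp = self.endpoint.refresh(self.refresh_token, now)
            self.access_token = resp["access_token"]
            self.access_expiry = now + resp["expires_in"]
            if self.store_rotated:  # behaviour (b): keep the newest refresh token
                self.refresh_token = resp["refresh_token"]
        return self.access_token

def days_until_failure(store_rotated, horizon_days=365):
    """Use the flow once a day; return the day the refresh fails, or None."""
    ep = FakeTokenEndpoint()
    mgr = TokenManager(ep, ep.issue(0), 0, store_rotated)
    for day in range(1, horizon_days + 1):
        try:
            mgr.get_access_token(day * DAY)
        except PermissionError:
            return day
    return None
```

With `store_rotated=False` the originally pasted refresh token is the only one ever presented, so the flow stops on day 90; with `store_rotated=True` the expiry keeps rolling forward as long as the flow is used.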



Document Information

Modified date: 28 April 2025

UID: ibm17174344