We are using the AIP Classic Client to apply classification to documents.
We have an internal solution for gathering files to apply classification to and would like to automate the classification of these files.
A dev has created a PowerShell script that takes in a list of files and uses theSet-AIPFileLabelcmdlet to classify all the files passed to the script. We want to move this system into production however have encountered a roadblock.
In our production system, the service account we want to use doesnothavelog on locallypermissions. It is a service account and haslog on as batch rights. We just want to run the script on a windows task once every arbitrary amount of time.
Before you can use theSet-AIPFileLabelcmdlet, you must first set the aip token with theSet-AIPAuthenticationcmdlet.
This cmdlet is interactive, when an account can log into the machine, it can run this cmdlet with ease (obviously supplying the$WebAppId,$WebAppKey,$NativeAppIdvalues).
Obviously this interaction is interactive, I went digging the Microsoft docs and found the following pages (about the scanner, but hoping the principles transfer):
Copy that script to the server you want to set auth for
Create a windows task to call the script, make the service account run the script
Run the script, check the service account has a token
When i run the script, no script is created but a log file is generated. Inside is the following error:
One of two conditions was encountered: 1. The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user interaction was required. 2. An error occurred during a silent web authentication that prevented the http authentication flow from completing in a short enough time frame
I have passed the token and followed the microsoft documentation however it fails to set the token by what looks to me like an error in logic in the application.
The AIP Unified Labelling Client can set auth tokens on behalf of users, this issue affects only the classic client.