cancel
Showing results for 
Search instead for 
Did you mean: 

C4C to CRM integration using HCI Certificate-based Authentication - 403 Forbidden

rajiv_juarbal
Participant
0 Kudos

Hi Experts,

In reference from the discussion in this link (), we need suggestions on why we're getting 403-Forbidden error, what steps did we miss for our communication from C4C to CRM using HCI. 

We already imported the necessary certificates in the iFlows/SSL Server/Client PSEs signed by Entrust (which is one of the supported CAs and our communication from CRM to C4C certificate-based authentication configuration is working fine) for HCI. We also mapped the HCI client certificate to the CRM user that we created (CODINTEG). Service IDOC is also registered and activated (SICF and SRTIDOC).

Below are the roles assigned to the user CODINTEG, and the mapping of HCI client certificate in SM30 and also the certificates imported in our SSL Server PSE. Just a note that we're not using SAP webdispatcher as a reverse proxy here for our C4C to CRM connection.

Thanks in advance.

Regards,

Rajiv

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hello Rajiv,

for test purpose and for eliminating error reasosns caused by user authorization rights you could assign first SAP_ALL to your communication user. If this works, you should reduce the rights again to a minimum...

Goto SU01 and edit the user CODINTEG. Goto Tab Profiles and within F4 help tab "Composite Profiles" search for SAP_ALL.

Best regards,

Berthold


rajiv_juarbal
Participant
0 Kudos

Hi Berthold,

SAP_ALL is now added to the CRM user but it has the same response, 403-Forbidden.

Regards,

Rajiv

Pragya_Pande
Contributor
0 Kudos

Hello Rajiv,

Which scenario have you tried out?

Is that inbound to CRM OR outbound from CRM?

Can you try with more than 1 scenario and check?

As Berthold mentioned try ST01 trace and post more information here...

Best Regards,

Pragya

rajiv_juarbal
Participant
0 Kudos

Hi Pragya,

This is for C4C to CRM, my CRM to C4C scenario is working fine. We have yet to get the ST01 trace as I'm not quite familiar about this trace, I will let our basis know about this.

Regards,

Rajiv

Pragya_Pande
Contributor
0 Kudos

Dear Rajiv,

Please check two things -

1.Is there a port opened on ERP for inbound communication? If not then open it.

2.By any chance, has the same HCI certificate been uploaded for any other user ID in the CRM system?- I think system does not crib if you do that so may be a different user is being picked up.

3.Check the ICM trace on CRM once.

Best Regards,

pragya

rajiv_juarbal
Participant
0 Kudos

Hi Pragya,

1. Yes, there is, CRM inbound communication is working fine when using basic authentication.

2. No, this certificate is only mapped to one user.

3. We'll check on this.

Regards,

Rajiv