Former Member

IDM Attestation Implementation Issues

We are using IDM 7.2 SP 10 (7.20.10-ORA-2016-01-24) in a Sandbox environment. All components have been upgraded to this level by our Basis team. We have been trying unsuccessfully to implement Attestation for IDM Roles/Privs for almost a year now.  I have followed this blog post from Rosen Katsarov with some success, but we are still missing some pieces.

SAP Identity Management Attestation Demo Web UI

We have created the Attestation Task and configured as described in the blog.  We also created a job that initiates the task for a single role.  This all appears to work exactly as intended.  When I run the attestation job the following appears in the mxi_attestation table.  I believe this is what is to be expected.

This is where the problem comes in.  The blog mentions a custom .SCA file that can be downloaded and deployed.  This .SCA file adds a 'My Attestation' tab to the SAPUI5 Inbox.  The problem is the .SCA file is no longer available for download on this blog.  The blog appears to be locked because I can't post a comment nor have I found a way to contact Rosen directly to get the .SCA file.  So I have not been able to pursue that option for the UI.

One thing I find peculiar is that when I run the job, the Attestation task actually pops up in the My Approvals tab of the SAPUI5 as seen below.  It shows an error when you try to open it: "Unable to launch execution UI 2x28; Not Found", or when you click Attest: "Attest Action for "Role/Privilege IDM Test 5 Attestation" task has failed".

We have had a note open with SAP for almost a year now where we keep going back and forth and they have been less than helpful.  This was SAP's response concerning the error on the My Approvals tab:

"SAP Identity Management User Interface for HTML5 does not support attestations.  Therefore, you cannot Attest or Request Attestation from our SAPUI5 Application. You can use attestation functionality only from our REST API".

My question is, why would it appear on the My Approvals tab if it is not expected to work?  Is this something that was added to the SAPUI5 functionality and the person who answered this question was unaware?  Or do they just expect that errors will be seen any time an Attestation task is initiated?  I still haven't gotten an answer from SAP on that.

The way I see it, we have 3 options to continue our POC for Attestation.

  1. Obtain the .SCA file from Rosen's blog that will show the My Attestations tab on the SAPUI5 screen
  2. Resolve the error on the My Approvals tab of the standard SAPUI5 screen such that attestations can be completed there.
  3. Develop Custom REST API that allows us to do Attestation.

a. I have experimented with this approach as well.  I have attempted to use a custom REST interface deployed from my Local Workstation but I'm running into issues with "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource".  Neither my Basis Team, Developers, nor SAP has been able to help me with this problem.  I can provide more details on this if it is my only option.  But it seems like the least desirable of the 3 and the one that requires the most work.

Can anyone out there provide some input on any or all of these options?  Has anyone actually successfully implemented Attestation that could provide some guidance?  It feels like we are so close, but I'm not sure where else to go from here.


1 Answer

  • Former Member
    May 10, 2016 at 03:34 PM

    Hi Courtney,

    I am successfully able to implement attestation and unfortunately there is no other option apart from Option 3.

    You need to get a UI developed using the REST API URIs as given in the attestation document and process the results with one IdM task.

    Let me know in case of any questions.


