on 03-25-2019 3:33 PM
I'm trying to set up REST on Tomcat instead of WACS. It mostly works, but I'm noticing a difference in authentication that is causing a problem,
I need to support SSO as well as logon via token. In WACS, this works fine. But in Tomcat, a call to /logon/token produces a 401 error. It appears that it is attempting to do an SSO logon first, prior to my token logon.
How can I configure biprws on Tomcat to NOT do a challenge/response authentication when /logon/long or /logon/token is used?
Hi Joe,
Yes, I think its worth looking into sooner rather than later. If it is a limitation that cannot be worked around, then we will find out for sure, but I still think that logon/token and logon/long should be usable in an application even when adsso is configured
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Joe,
I believe you should be able to get a response when calling /logon/long and the fact that it is not working through REST on Tomcat, is a defect.
Can you create a ticket with Support outlining your requirements and observations so this can be submitted for a fix rather than an enhancement?
Dan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your reply, Dan.
Just to be clear -- /logon/long does work in a browser, since the browser can respond to the authentication challenge. It just doesn't work in other application (ex. Java) that can't respond to the authentication challenge. WACS only demands authentication on /logon/adsso.
Do you still think this is a defect?
I confirmed that when SSO is enabled, biprws-on-Tomcat applies the authentication filter to the entire directory tree, and not just /biprws/logon/adsso as it is in WACS. This prevents me from using biprws on Tomcat to support SSO and non-SSO connections.
I submitted an enhancement request to fix this: https://influence.sap.com/sap/ino/#/idea/228582
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Supported Authentication types are same in Tomcat and WACS.
Configuration steps are different :
https://blogs.sap.com/2017/12/15/bi-platform-rest-sdk-rws-in-boe-4.2/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The error occurs when I try calling the API programmatically. The initial call to /biprws/logon/long returns a 401 (unauthorized).
When I try to connect to /biprws/logon/long via browser, it works. But in Fiddler I see that Tomcat is returning a 401, followed by a 200. When I connect to WACS instead, I just get the 200 response, which is what I expect.
It seems that in WACS, only the /logon/long/adsso page invokes the challenge/response, but in Tomcat it's the entire directory.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.