Mar 31, 2020 at 02:00 PM

Can't authenticate against HTML-Mashup embedded SCP application in C4C

1125 Views Last edit Mar 31, 2020 at 02:40 PM 3 rev

Dear experts,

I wanted to extend SAP C4C with an SCP application hosted on CF. I have been following this guide: Extending SAP Cloud for Customer on Cloud Foundry Environment Manually

https://help.sap.com/viewer/462e41a242984577acc28eae130855ad/Cloud/en-US/1150e4395ba6487bad2a7164db7ea417.html

Everything works as expected, except authenticating with the extension application from the HTML Mashup in C4C.

If the user starts a new session with C4C through the configured IdP, the mashup cannot be displayed. The reason is that the SCP authentication service disallows display in an iframe by setting the header field X-Frame-Options: DENY. Since HTML mashups in C4C are embedded in iframes, loading the mashup fails.

Procedure which fails:

  1. User opens a new browser session (not logged into IdP)
  2. User opens C4C - gets redirected to IdP
  3. User logs into IdP, and gets redirected to C4C (authenticated)
  4. User opens screen with the HTML mashup in C4C
  5. Mashup iframe loads application page (through CF approuter)
  6. CF approuter redirects to CF authentication service https:// . authentication.eu10.hana.ondemand.com/oauth/authorize?response_type=code&client_id=sb-poc_oauth_c4c!t38354&redirect_uri= >
  7. Loading the authentication service in the HTML Mashup iframe fails:
    "Refused to display 'https:// . authentication.eu10.hana.ondemand.com/login' in a frame because it set 'X-Frame-Options' to 'deny'"

The message is correct:

X-Frame-Options: DENY will make the browser refuse to handle the redirect to the login on the SCP CF authentication service. SSO fails and the Mashup doesn't load.

Note: The mashup works fine if the user is already authenticated with SCP. So if the user visits the extension application (or any other application on SCP) first and authenticates, no redirection to the SCP authentication service occurs, and the mashup can load. This is obviously not a solution for a productive use case though.


1. Am I missing something here? I am confused how the concept described in the extension guide is ever supposed to work.

2. Has anyone made SCP extension with SSO work with C4C? Any advice?

Best regards,

Manuel
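
The framing failure described in the post, modelled as an added example (not code from the original post or from SAP): it walks a redirect chain and reports the first rendered response a browser would refuse to display in an iframe. The hostnames and response headers are constructed placeholders, and source matching is simplified to exact origins and the direct parent frame.

```javascript
// Added example. Hostnames and headers are constructed placeholders.
const PARENT = "https://crm.example.test"; // origin of the page hosting the iframe

const UNAUTHENTICATED_CHAIN = [
  { url: "https://app.example.test/", status: 302, headers: {} },
  { url: "https://auth.example.test/oauth/authorize", status: 302, headers: {} },
  { url: "https://auth.example.test/login", status: 200,
    headers: { "X-Frame-Options": "DENY" } },
];
const AUTHENTICATED_CHAIN = [
  { url: "https://app.example.test/", status: 200, headers: {} },
];

// Return the frame-ancestors source list, or null if the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Decide whether one rendered response may be displayed in a frame of parentOrigin.
// Simplified: exact-origin sources only, and only the direct parent is considered.
function framingVerdict(response, parentOrigin) {
  const headers = {};
  for (const [k, v] of Object.entries(response.headers)) headers[k.toLowerCase()] = v;
  const selfOrigin = new URL(response.url).origin;
  const ancestors = parseFrameAncestors(headers["content-security-policy"]);
  if (ancestors !== null) { // frame-ancestors, when present, supersedes X-Frame-Options
    const ok = ancestors.some((s) =>
      s === "*" || s === parentOrigin || (s === "'self'" && parentOrigin === selfOrigin));
    return ok ? "allowed" : "blocked by CSP frame-ancestors";
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked by X-Frame-Options: DENY";
  if (xfo === "SAMEORIGIN" && parentOrigin !== selfOrigin)
    return "blocked by X-Frame-Options: SAMEORIGIN";
  return "allowed";
}

// 3xx hops are followed, not rendered, so only non-redirect responses are checked.
function firstBlockedHop(chain, parentOrigin) {
  for (const hop of chain) {
    if (hop.status >= 300 && hop.status < 400) continue;
    const verdict = framingVerdict(hop, parentOrigin);
    if (verdict !== "allowed") return { url: hop.url, verdict };
  }
  return null;
}
```

With the constructed chains, only the unauthenticated flow reaches a rendered login response carrying `X-Frame-Options: DENY`, which matches the observation that the mashup loads once a session already exists.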
