Skip to Content
author's profile photo Sebastian Esch
2
Sebastian Esch
Jul 15, 2020 at 04:18 PM

Requests to on-premise destination in CAP Application fail with timeout from Connectivity Proxy

758 Views Last edit Jul 15, 2020 at 04:40 PM 3 rev

Hi CAP community,

I have created a simple CAP Node.js application that uses an external service from an on-premise SAP Gateway system. When I run the application locally with the destination configured directly in default-env.json, everything works fine.

I have deployed the MTA of the application, which created instances for XSUAA, Destination and Connectivity services to connect the application from SCP via Cloud Connector to the on-premise system.

Running the same request on SAP Cloud Platform the log output indicates that the destination is found and the connectivity service is used, but the connection to the proxy on SAP Cloud Platform fails with a timeout.

{"message":"Sucessfully retrieved destination from destination service.","level":"info","custom_fields":{"package":"core","messageContext":"destination-accessor"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-07-15T15:56:57.858Z","msg":"Sucessfully retrieved destination from destination service.","written_ts":1594828617858,"written_at":"2020-07-15T15:56:57.858Z"}
{"message":"OnPrem destination proxy settings from connectivity service will be used.","level":"info","custom_fields":{"package":"core","messageContext":"proxy-util"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-07-15T15:56:57.858Z","msg":"OnPrem destination proxy settings from connectivity service will be used.","written_ts":1594828617858,"written_at":"2020-07-15T15:56:57.858Z"}
{"message":"Unable to match a specific XSUAA service instance to the given JWT. The following XSUAA instances are bound: ida-odata-proxy!t3647. The following one will be selected: ida-odata-proxy!t3647. This might produce errors in other parts of the system!","level":"warn","custom_fields":{"package":"core","messageContext":"environment-accessor"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-07-15T15:56:57.859Z","msg":"Unable to match a specific XSUAA service instance to the given JWT. The following XSUAA instances are bound: ida-odata-proxy!t3647. The following one will be selected: ida-odata-proxy!t3647. This might produce errors in other parts of the system!","written_ts":1594828617859,"written_at":"2020-07-15T15:56:57.859Z"}
{"message":"Unable to create \"SAP-Connectivity-Authentication\" header: no JWT found on the current request.\n    Continuing without header. Connecting to on-premise systems may not be possible.","level":"warn","custom_fields":{"package":"core","messageContext":"connectivity-service"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-07-15T15:56:58.115Z","msg":"Unable to create \"SAP-Connectivity-Authentication\" header: no JWT found on the current request.\n    Continuing without header. Connecting to on-premise systems may not be possible.","written_ts":1594828618115,"written_at":"2020-07-15T15:56:58.115Z"}
{"message":"OnPrem destination proxy settings from connectivity service will be used.","level":"info","custom_fields":{"package":"core","messageContext":"proxy-util"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-07-15T15:56:58.116Z","msg":"OnPrem destination proxy settings from connectivity service will be used.","written_ts":1594828618116,"written_at":"2020-07-15T15:56:58.116Z"}
Error while executing custom handler: READ on ProxyService.SalesOrders
[2020-07-15T15:58:13.332Z | ERROR | 1727261]: connect ETIMEDOUT 3.124.208.223:20003
[2020-07-15T15:58:13.332Z | ERROR | 1727261]: Error stacktrace: Error: connect ETIMEDOUT 3.124.208.223:20003     at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1137:16)

The destination for the on-premise system is setup to use Basic Authentication. Therefore I hope that the missing SAP Connectivity Authentication header is not preventing the request from passing the SCP Proxy to the Cloud Connector.

Is using an App Router in this scenario mandatory?