I am creating a side-by-side extension using standard CDS view I_StorageLocation. I have done following setting :
1.Created a created a custom CDS view YY1_PlantStorageLocation
2.Created a custom communication scenario YY1_PLANTSTORAGELOCATION_CDS
3.Created following communication arrangement :
I have created a destination in SAP BTP with SSO Mechanism “OAuth2 SAML Bearer Assertion”. I have observed following :
- I have maintained “YY1_PLANTSTORAGELOCATION_CDS_0001” in BTP destination Scope, got following error: "error":"invalid_scope","error_description":"Requested OAuth 2.0 scope exceeds the scope granted by the resource owner or OAuth 2.0 client. Make sure that both have access to the scopes requested. For more information consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545"
- Then I tried by maintaining “/IWFND/SG_MED_CATALOG_0002 YY1_PLANTSTORAGELOCATION_CDS_0001” in BTP destination Scope, got following error:Finished sending GET request to back end https://XXXXX-api.s4hana.ondemand.com/sap/opu/odata/sap/YY1_PLANTSTORAGELOCATION_CDS/?$format=json in 88 ms. HTTP status from the back end is 403.
Please note following points :
- The communication system does not seems to have any issue as the same is used in other communication arrangement, it work fine.
- BTP Destination created with “OAuth2 SAML Bearer Assertion” for standard communication scenario ID such as SAP_COM_0108 work fine for me. This confirming that my approach for SSO is fine.
- Correct me if I am wrong, the CDS view also set with “Protection : Not required”, hence user does not required any additional authorization.
- The CDS view work fine for BTP destination with Basic Authentication.
This is the first time I am creating destination for CDS view with “OAuth2 SAML Bearer Assertion”. Looks like I am missing some setting required to CDS view with SSO. Any help on this issue would be much appreciated. Thanks