Skip to Content

SAP Cloud Platform . Java - AuthenticationHeaderProvider API - Setting Email as nameId

Hello,

I want to authenticate against the SAP Jam Rest API using the SAP Identity provider.

To forward the user that has logged in via the IDP I tried to use the

AuthenticationHeaderProvider API.

Sadly my Jam tenant returns a 401 Http Status.

The error message is:

com.sap.core.connectivity.apiext.impl.authentication.assertion.oauth.OAuthTokenGenerationException: Could not retrieve OAuth 2.0 access token for user C5*****

I know that SAP Jam needs the email address and not the the SAP user id to authenticate a user. I actually thought this was set by the "nameIdFormat" and "userIdSource" paramter of the DestinationConfiguration.

I followed this example to set up the DestinationConfiguration:

https://help.hana.ondemand.com/cloud_portal_flp/frameset.htm?1f122e4427fa4e36b93fcbac2864005a.html

If you have any suggestion how to fix this issue I would be very thankful.

Kind regards,

Jonas

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Apr 06, 2017 at 12:17 PM

    I figured out that this error is caused due to the configuration of the Identity Provider.

    The IDP sends the user Id instead of the E-Mail address as the name id.

    To fix this issue you need to get in contact with your identit provider administrator and ask him to change the settings accordingly.

    Add comment
    10|10000 characters needed characters exceeded