Skip to Content

OAuth 2.0 to Cloud Portal to assign SAP Cloud Platform Catalogs to PFCG Roles

Hello SAP Cloud Platform Portal Service Experts,

I’m trying to use the functionality “Assign SAP Cloud Platform Catalogs to PFCG Roles” and did the described setup “Establish a Connection Between ABAP and SAP Cloud Platform” to get an OAuth 2.0 Token. The Token is received successfully (Traced via SICF Recording) but when I then try to access the API URL i.e. https://flpnwc-a5a504e08.dispatcher.hana.ondemand.com/fiori/api/oauth2/v1/services/contentprovider/catalogs/ I do not get the result of the non OAuth URL https://flpnwc-a5a504e08.dispatcher.hana.ondemand.com/fiori/api/v1/services/contentprovider/catalogs/ but instead a response to do a SAML Authentication. I currently think that perhaps a different URL had to be used.

Update 2017-11-07:

Reading the documentation Revoke OAuth Access Tokens I've checked the created tokens and found that the Tokens that are issued using grant_type=client_credentials does not contain a User:

I would have expected here the User that created the OAuth Client with Authorization Grant: Client Credentials in the SCP Cockpit. Reading further in the documentation OAuth 2.0 Client Credentials Grant I've discovered that I have to assign a "user" created with the the pattern oauth_client_<client ID> to the required Role. I've made my OAuth User the TENANT_ADMIN but that didn't change the behaviour.

The Documentation “Establish a Connection Between ABAP and SAP Cloud Platform” mentions a "landscape host name". The closest that I can find in this regards is Regions and Hosts. But when I use the provided Pattern for the Target Host:

<application name>-<subaccount name>.<landscape host name>

The result is:

flpnwc-a5a504e08.hana.ondemand.com

When I use that and request https://flpnwc-a5a504e08.hana.ondemand.com/fiori/api/oauth2/v1/services/contentprovider/catalogs/ I get the error message:

"No server is available to handle request for this tenant a5a504e08, or the application is temporarily down for maintenance. Excuse us for the inconvenience."

Hope someone can share some insights.

Berst regards
Gregor

P.S.: Is there any documentation for the Portal Service API?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Oct 27, 2017 at 05:13 AM
    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 29, 2017 at 06:29 PM

    Hi,

    API documentation: SAP Cloud Platform Portal Service - SAP Fiori Cloud API, in the official SAP API Business Hub.

    Regards,

    Guy.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 31, 2017 at 03:21 PM

    Hi Gregor,

    The API which you are referring to is an internal one, and it is used by the portal application in FLP, and that's the reason for the SAML authentication request.

    Guy sent you earlier the list of Portal's public API, which are available for your use.

    If you need additional assistance, kindly elaborate your use case (e.g. why are you trying to call the API directly?)

    Best Regards,

    Boaz

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 08, 2017 at 08:07 AM

    Hello Everyone,

    after a lot of investigation I've found a solution:

    As the OAuth Client is created for the Subscription portal/nwc I've navigated in the SCP Cockpit to Applications -> Subscriptions -> Subscribed Java Applications -> nwc and there I got a list of Applicaiton URL's. As the /fiori path which is the start of the API URL is also listed there I've replaced the URL:

    https://flpnwc-a5a504e08.dispatcher.hana.ondemand.com/

    that I've always used because that is documented for the SCP Portal API on SAP API Business Hub (https://api.sap.com/shell/discover/contentpackage/SAPCLOUDPLATFORMPORTAL?section=OVERVIEW) with the URL:

    https://cloudnwcportal-a5a504e08.hana.ondemand.com/

    And guess what, now the OAuth Authentication works just like a charm. Hope that now the documentation gets corrected as soon as possible so that other customers do not run into this issue.

    Best regards
    Gregor Wolf

    Add comment
    10|10000 characters needed characters exceeded