Skip to Content

UI5 App without authentification shows popup in browser (HTTP 401) due to call of /sap/bc/lrep

Mar 09 at 01:30 PM


avatar image

I would like to host a UI5 App without authentification. The app works well in Fiori Launchpad and via the direct link to the service in my user context.

To achieve it without authentification I entered a system user in the corresponding SICF services for the UI5 and the OData service. (like described here:

Example for the UI5 service:

Now I can call my two services without authentification:



But the problem is that the browser shows a logon window like this:

As I found out this is caused by a call to sap/bc/lrep/flex/data/com.yourcompany.z_system_info.Component

All other resources are loaded fine and when I abort the message I can use the app without problems.

I thought about a problem with the CSRF Token, but the entry ~CHECK_CSRF_TOKEN=0 in the GUI_CONFIGURATION of the service as mentioned in the linked article did not change anything.

So I got the idea to switch the logon error page for the lrep service from explicit to system logon:

The result is that instead of a 401 the call gets back with a 200 status and a page where the user normally should log on:

But because it is loaded in the background it will never show up to the user.

I am aware that this is just a dirty workaround, so I would be interested if someone got the same problem or if there is a better solution to this problem? (Especially without modifying the lrep service.)

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers