
How to test OAuth 2.0 enabled SAP OData service from POSTMAN Native application?

May 29 at 10:55 AM


Hello everyone,

We are using an SAP NW 7.40 SP12 system and want to test an SAP OData service with OAuth 2.0 authentication and grant type SAML 2.0 Bearer Assertion (Client Credentials). We have successfully tested grant type Authorization Code from the POSTMAN Native application, version 6.1.3.

Below is the SAP SCN Wiki page we referred to for configuration.

"https://wiki.scn.sap.com/wiki/display/Security/Using+OAuth+2.0+from+a+Web+Application+with+SAML+Bearer+Assertion+Flow"

We also configured ADFS 4.0 as "OAuth 2.0 Identity Provider" in transaction SAML2. A JWT token is generated, but when we use that token with the OData service it gives a 401 Unauthorized error. Please refer to the screenshots below from POSTMAN.

Please guide us to resolve this, as we are newbies in this particular topic.

Thanks,

Jagrut


1 Answer

Wolfgang Janzen
Jul 11 at 09:46 PM
0

ABAP does not allow the use of an external OAuth2 Authorization Server (in your case: MS ADFS 4.0, issuing JWT).
ABAP acting as Resource Server only accepts its own OAuth2 Access Tokens (which are not JWTs).

You have mentioned that you've successfully used POSTMAN with the OAuth2 Authorization Code Grant.
In that case you submitted the request to the authorization endpoint of ABAP's OAuth2 Authorization Server, receiving an HTML response for the interactive scope approval; afterwards the redirect to the redirect URL of the registered OAuth2 client was triggered; the OAuth2 client then used its client credentials and the obtained authorization code token to obtain the desired OAuth2 Access Token (issued by the ABAP server).

For the SAML Bearer Grant you have to request an OAuth2 Access Token from the token endpoint of ABAP's OAuth2 Authorization Server, providing client credentials of a registered OAuth2 Client and a valid SAML Bearer Token (which might be created by MS ADFS 4.0). For this to work you have to establish a SAML trust between that SAML token issuer and the ABAP System (acting as SAML consumer).

Actually that's all described on

https://wiki.scn.sap.com/wiki/display/Security/Using+OAuth+2.0+from+a+Web+Application+with+SAML+Bearer+Assertion+Flow

I hope that this information helps you to resolve the problem.

Best regards, Wolfgang
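
The token request described in the answer above, sketched as an added example that is not part of the original thread or SAP's own code: it builds the SAML 2.0 bearer grant request (RFC 7522) for the token endpoint and refuses to send a JWT-shaped token to the OData service. The host, endpoint path, client credentials, scope and sample tokens are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode

SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
# Assumed values: placeholder host and endpoint path, constructed sample data.
TOKEN_ENDPOINT = "https://abap.example.com/sap/bc/sec/oauth2/token"
SAMPLE_ASSERTION = b"<saml:Assertion>constructed sample</saml:Assertion>"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


# Constructed JWT-shaped token, standing in for what an external issuer returns.
SAMPLE_JWT = ".".join([
    b64url(b'{"alg":"RS256","typ":"JWT"}').rstrip("="),
    b64url(b'{"sub":"constructed"}').rstrip("="),
    "c2ln",
])


def build_saml_bearer_token_request(endpoint, client_id, client_secret,
                                    assertion_xml, scope):
    """Return (url, headers, body) for the POST to the token endpoint."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",  # credentials of the registered client
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": SAML2_BEARER_GRANT,
        "assertion": b64url(assertion_xml),  # assertion from the trusted SAML issuer
        "scope": scope,
    })
    return endpoint, headers, body


def looks_like_jwt(token: str) -> bool:
    """True for three dot-separated parts whose first decodes to a JSON header with 'alg'."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(header, dict) and "alg" in header


def odata_headers(access_token: str) -> dict:
    """Headers for the OData call; rejects a JWT, which the answer says ABAP will not accept."""
    if looks_like_jwt(access_token):
        raise ValueError("JWT from an external issuer: request a token from the ABAP token endpoint")
    return {"Authorization": f"Bearer {access_token}"}
```

In Postman the same request is a POST to the token endpoint with Basic Auth and an x-www-form-urlencoded body carrying these three fields.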
