cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Call to business rules runtime return html with "Your browser does not support..."

Go to solution
SaschaS
Participant

on ‎07-17-2018 11:51 PM

0 Kudos

Hi,

I want to call the URL https://bpmrulesruntimerules-XXXX.hana.ondemand.com/rules-service/v1/rules/invoke?rule_service_name=... within postman via post. Header has two keys: X-CSRF-Token (fetched with first call) and Content-Type (application/json).

As result I get:

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, shrink-to-fit=no"> <meta http-equiv="pragma" content="no-cache" /> </head> <body style="background-color:#FFFFFF" onload="var url=window.location.hash;if(url&&0!==url.length){var anchorCookie='oucrsrcmlaexnzkotbxsjsdis_anchor="'+encodeURIComponent(url)+'"';document.cookie=anchorCookie}document.forms[0].submit()"> <p> <script language="javascript">document.write("Please wait ...");</script> </p> <noscript> <p>Note: Your browser does not support JavaScript or it is turned off. Press the button to proceed.</p> </noscript> <form method="post" action="https://XXXXXX.accounts.ondemand.com/saml2/idp/sso/XXXXXX.accounts.ondemand.com"> <input type="hidden" name="SAMLRequest" value="PEF1dGhuUmVxdWVzdCB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpuczI9InVybjpvYXNpczpuYW1lczp0Yzp

Is there something special I need to configure in the IdP ?

@muralidaran.shanmugham2, archana.shukla do you have an idea?

Thanks, Sascha

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

gregorw
Active Contributor
‎07-18-2018 10:33 AM

Hi Sascha,

in addition to the Headers:

X-CSRF-Token (fetched with first call)
Content-Type (application/json)

you still have to send the Basic Authentication Authorization header with your SCP Username & Password. The CSRF should not be mixed up with a i.e OAuth Bearer Token.

Best regards
Gregor

Show replies
Show replies

Answers (3)

Answers (3)

qmacro
Developer Advocate
Developer Advocate
‎07-18-2018 8:25 AM

Hi again Sacha - there's a couple of things. First, the URL structure for invocation that you have is the "old" version. The new one looks like this (see the info in the API hub here: https://api.sap.com/api/SAP_CP_BusinessRules_Runtime):

https://bpmrulesruntimebpm-XXXXXX.hana.ondemand.com/rules-service/rest/v1/rule-services/java/<projec...;

The second thing is more speculative. It's hard to tell from the context that you supply, but I'm guessing what you have might be the result of not contextualising the CSRF token you've received. Have a look at this answer (and reference to a post I wrote that mentions cookies in the context of CSRF tokens) here: https://answers.sap.com/questions/563171/why-the-business-rules-invoke-rule-service-need-co.html?chi... and perhaps that will help.

Show replies
Show replies
guigui
Employee
Employee
‎12-03-2018 5:12 PM
0 Kudos

Hi gentlemen,

I'm experiencing the same issue when I use the API directly on API Business Hub whereas it's working with postman.

Using API business Hub, Authentification et Authorization are configured when I defined the environment on which one I want to work.

Thanks in advance for your support,

Guillaume

Show replies
Show replies
pjcools
Active Contributor
‎06-11-2019 1:08 PM
0 Kudos

I'm getting the same issue. I would log this as a separate question as this has been answered already. Not sure if you ended up working this out - if you did probably should provide what you did to fix this.

SaschaS
Participant
‎07-18-2018 3:59 PM
0 Kudos

Thanks a lot for your answers. We just had an awesome session with @gregorw and he solved the problems and showed us how to invoke the service. Kind regards, Sascha

Show replies
Show replies
gregorw
Active Contributor
‎07-18-2018 4:23 PM
0 Kudos

But the question still remains. Why does the basic authentication work with the SAP-ID User even if the SCP IA Service is configured as the default Application IdP.

Ask a Question