Skip to Content
0

Principal Propagation not working with SAML MAFLogon IOS

Nov 17, 2016 at 08:17 AM

136

avatar image

Hi Experts,

I struggle to retrieve Data from a SAP Backend via HCPMS on Principal Propagation on a native Application. When I change to Basic Auth in HCPMS it works.

It looks to me like the registration/usercredentials are not properly passed on my requests.

I set the the defaults according to HelpSAPSAML.

Logon is successful and I can open a SODataOnlineStore but when I try to request data on that store (store.scheduleRequest method) the following happens:

Entries there wont change anything and if i Cancel the backend asks me for credentials.

No matter what I enter here the backend returns a 401 not authorized.

This is how the logonManager.registrationData() looks like:

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; min-height: 13.0px} span.s1 {font-variant-ligatures: no-common-ligatures} span.Apple-tab-span {white-space:pre}

<HttpConversationManager: 0x17013fa40>

AppId: de.demo.n

IsHttps: YES

Host: mobilepreview-xxxxxxx.hana.ondemand.com

Port: 443

SecConfig:

FarmId:

Domain: default

ResourcePath:

GatewayClient:

GatewayPing: sap/bc/ping

Username:

Password: (null)

MobileUser: (null)

ActCode: (null)

CommunicatorId: idMAFLogonCommunicator_SMPHTTPREST

AppEndPoint: https://mobilepreview-xxxxxxx.hana.ondemand.com:443/de.demo.n

ConnData: {

keyMAFLogonConnectionDataApplicationSettings = {

AndroidGcmPushEnabled = 0;

AndroidGcmRegistrationId = "";

AndroidGcmSenderId = " ";

ApnsDeviceToken = "";

ApnsPushEnable = 0;

ApplicationConnectionId = "e856d5f3-f05xxxx99dxxxxxxxxx";

ApplicationVersion = "1.0";

BlackberryBESListenerPort = 0;

BlackberryDevicePin = "";

BlackberryListenerType = 0;

BlackberryPushAppID = "";

BlackberryPushBaseURL = "";

BlackberryPushEnabled = 0;

BlackberryPushListenerPort = 0;

CollectClientUsageReports = 0;

ConnectionLogLevel = NONE;

CustomCustom1 = " ";

CustomCustom2 = " ";

CustomCustom3 = " ";

CustomCustom4 = " ";

CustomizationBundleId = "";

DeviceIMSI = "";

DeviceModel = "";

DevicePhoneNumber = "";

DeviceSubType = "";

DeviceType = iOS;

E2ETraceLevel = Low;

ETag = "2016-11-17 07:32:11.0";

EnableAppSpecificClientUsageKeys = 0;

FeatureVectorPolicyAllEnabled = 1;

FormFactor = "";

InAppMessaging = 0;

LogEntryExpiry = 7;

MaxConnectionWaitTimeForClientUsage = 30;

MpnsChannelURI = "";

MpnsPushEnable = 0;

PasswordPolicyDefaultPasswordAllowed = 1;

PasswordPolicyDigitRequired = 0;

PasswordPolicyEnabled = 0;

PasswordPolicyExpiresInNDays = 0;

PasswordPolicyLockTimeout = 300;

PasswordPolicyLowerRequired = 0;

PasswordPolicyMinLength = 8;

PasswordPolicyMinUniqueChars = 0;

PasswordPolicyRetryLimit = 10;

PasswordPolicySpecialRequired = 0;

PasswordPolicyUpperRequired = 0;

ProxyApplicationEndpoint = "https://mobilepreview-xxxxxxxxx.hana.ondemand.com:443/de.demo.n";

ProxyPushEndpoint = "";

PublishedToMobilePlace = 0;

UploadLogs = 1;

WnsChannelURI = "";

WnsPushEnable = 0;

};

}

Thanks,

Daniel

file-000.png (31.3 kB)
file-000.jpeg (87.3 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

6 Answers

Jamie Cawley
Nov 30, 2016 at 01:52 PM
0

Principle propagation requires some configuration steps on the cloud connector. You can find more info at

https://help.hana.ondemand.com/help/frameset.htm?d0c4d5675d4f4bc78a5b7a7b8687c841.html

Regards,

Jamie

SAP - Technology RIG

Share
10 |10000 characters needed characters left characters exceeded
Daniel Endres Dec 02, 2016 at 07:23 PM
0

Hi Jamie,

Principal Propagation itself is setup and working.

For example if we use the App via Web or the Fiori Client, the Cloud Identity Service opens and authenticates through our SAP.

But via hcpms it wont work.

The services are trusted so I don't know where the missing link is.

Best regards,

Daniel


hcc.png (118.5 kB)
Share
10 |10000 characters needed characters left characters exceeded
Jamie Cawley
Dec 05, 2016 at 02:44 PM
0

How is the app configured in hcpms?

Regards,

Jamie

SAP - Technology RIG

Share
10 |10000 characters needed characters left characters exceeded
Daniel Endres Dec 07, 2016 at 09:34 AM
0

These are the settings:

Information:

BackEnd:

With these settings the app shows an password request. When i change to the SSO Mechanism to Basic Authentication and Hard enter my username/ password I can retrieve the data.


config01.png (74.6 kB)
config02.png (60.5 kB)
config03.png (42.0 kB)
Share
10 |10000 characters needed characters left characters exceeded
Jamie Cawley
Dec 14, 2016 at 02:11 PM
0

In the cloud connector principle propagation menu, do you have sapmobile:hcpms enabled for trust?

Regards,

Jamie

SAP - Technology RIG

Share
10 |10000 characters needed characters left characters exceeded
Daniel Endres Dec 15, 2016 at 03:25 AM
0

There is no sapmobile:hcmps in our hanacloud since it is not a trial but a production cloud instance.

But there are the following settings which I thought enable trust for the apps for mobile/mobilepreview.


hcc-trust.png (13.6 kB)
Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hello Daniel,

Were you able to find solution for your issue?

Regards,

JK (Moderator)

0