cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

403 Forbidden error when connection to HCI tenant

Go to solution
former_member599686
Explorer

on ‎01-04-2019 6:48 AM

0 Kudos

Hello Experts,

I was trying an http to mail scenario on a HCI tenant.

I am using postman to connect to the HCI tenant and I get 403 forbidden error.

I have checked the role for my SID and I can see ESBMessaging.send is assigned to my SID for iflmap application.

I am using a basic auth on postman and I am using a POST to connect to the endpoint .

I am using the end point mentioned in the Manage Integration Content in HCI.

Am I missing something?

Appreciate your support

Advit

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Sriprasadsbhat
Active Contributor
‎01-05-2019 5:34 AM
0 Kudos

hey forget to add the link to blog.

https://blogs.sap.com/2016/09/29/connect-gmail-from-hci/

Can you try to untick the CSRF protected once and try to hit it from POSTMAN.

Regards,

Sri

Show replies
Show replies
former_member599686
Explorer
‎01-05-2019 9:19 AM

Thanks a lot, Sri

Appreciate your support. I followed the instruction in the blog and added the TLS certificate in the key store and unchecked CSRF protected in the sender adapter .

Regards

Advit

Answers (3)

Answers (3)

Sriprasadsbhat
Active Contributor
‎01-05-2019 2:33 AM
0 Kudos

Hello Advit,

Please refer below blog which might help you.Also please import the certificate chain from Gmail to SAP CPI keystore then it should work.

For 403 forbidden error could you please share iflow snapshot with HTTP channel details and what you are trying to post from POSTMAN.

Regards,

Sriprasad Shivaram Bhat

Show replies
Show replies
former_member599686
Explorer
‎01-05-2019 5:03 AM
0 Kudos

Hello Sri,

Can you please let me know the blog you are referring to.

I am trying to post the below. I am using basic authentication, where I provide my SID and password

http-sender-adapter.jpg

postman.jpg

Thanks

Regards

Advit

Sriprasadsbhat
Active Contributor
‎01-04-2019 12:50 PM
0 Kudos

Hello Advit,

Cab you check the logs .It seems to be error wihikw connecting to your email server (if messages are already seen in monitoring).

Are you trying to connect to gmail?

Regards,

Sriprasad Shivaram Bhat

Show replies
Show replies
former_member599686
Explorer
‎01-04-2019 8:47 PM
0 Kudos

Hello Sri,

I am trying to send an email to a gmail account.

the error log

Error = javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It is quite strange because I am connecting to SMTP server smtp.gmail.com and the corresponding TLS port 587. I have also enabled Less secure app access in Gmail security settings.

Another thing to note is that there is only a trace in the monitoring when I access the endpoint through a browser where I enter the endpoint and provide my SID to log in. When I try POST the endpoint through postman I get 403 forbidden error.

Appreciate your support

Regards

Advit

Sriprasadsbhat
Active Contributor
‎01-04-2019 9:29 AM
0 Kudos

Hello Advit,

3 Quick checks you can perform

1) Authorization ( ESBMessaging.send is assigned to your user on iflmap node ).- Hope this you have already cross checked.

2) Go to Monitoring and check whether iflow is started or its on error.

3) Check whether you are hitting correct end point url.

Regards,

Sriprasad Shivaram Bhat

Show replies
Show replies
former_member599686
Explorer
‎01-04-2019 9:55 AM
0 Kudos

Hello Sri,

1) It is set to the iflmap node.

2) I can see the below error message when I check monitoring. Please note this was not there before . When I tried the end point on the browser and logged in with my SID I could see the below error trace.

com.sap.it.rt.adapter.http.api.exception.HttpResponseException: An internal server error occured: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. The MPL ID for the failed message is : AFwvHtsd7pUnizfMFHH0ciNQOFuM For more details please check tail log.

I was going through your response in the below link to make sense. But so far I have not got to the bottom of this .

https://answers.sap.com/questions/77822/sap-hci-integration-flow-soap-to-odata-following-e.html

3) I believe this is the right end point as I can see error traces in monitoring.

Thanks for your help

Regards

Advit

Ask a Question