SCP Odata authentication issue with custom IAS tenant

Hi everybody,


I'm facing an issue when calling an OData Provisioning service. When calling the service inside my SAP Cloud Integration (SCI) iFlow with authentication method BASIC (username / password), I get an HTTP page (HTTP code 200) in response:

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, shrink-to-fit=no">
        <meta http-equiv="pragma" content="no-cache" />
    </head>
    <body style="background-color:#FFFFFF" onload="var url=window.location.hash;if(url&&0!==url.length){var anchorCookie='XYZ="'+encodeURIComponent(url)+'"';document.cookie=anchorCookie}document.forms[0].submit()">
        <p>
            <script language="javascript">document.write("Please wait ...");</script>
        </p>
        <noscript>
            <p>Note: Your browser does not support JavaScript or it is turned off. Press the button to proceed.</p>
        </noscript>
        <form method="post" action="https://XYZ.accounts.ondemand.com/saml2/idp/sso/XYZ.accounts.ondemand.com">
            <input type="hidden" name="SAMLRequest" value="XYZ....."/>
            <input type="hidden" name="RelayState" value="XYZ...."/>
            <noscript>
                <input type="submit" value="Continue"/>
            </noscript>
        </form>
    </body>
</html>

When calling the same service in my browser I get forwarded to the SCP Login Page and redirected to the service after authentication with user name and password. This works fine.

The specialty in this environment is that the SCP has its own IAS tenant, which is used to manage and authenticate users.

What methods of authentication are supported in this scenario? Is basic authentication possible at all?

Thanks and

best regards,

Sven


2 Answers

  • Best Answer
    Posted on Feb 15, 2019 at 08:57 PM

    Dear Sven,

    I would add and correct my previous reply. Basic Authentication is not an option by default in case of IAS tenant, but it can be requested as SAP Help describes: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/e637f62abb571014857cb0232adc43a7.html

    See information under "Declarative Authentication" section.

    Regards,

    Barnabás


  • Posted on Feb 11, 2019 at 08:46 PM

    Dear Sven,


    The error "Your browser does not support JavaScript" is caused by the fact that the application/service provider requires a SAML token via the IAS IDP but obviously cannot receive it, since the authentication is set to basic. IAS functioning as an IDP does not support basic authentication, only SAML assertion. So you saw the point correctly.


    So what you need to do is to use the principal propagation method. Try the destination with e.g. "authType = SAML Assertion Propagation" in case of using IAS Tenant.


    Best Regards,
    Barnabás Paksi

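A client-side check for the symptom discussed in this thread, as an added example that is not part of the original posts: it classifies a response so that an HTTP 200 carrying a SAML auto-submit form is reported as an authentication redirect instead of being handed to an OData parser. The function names, the result labels and the sample page (host `idp.example.invalid`, placeholder field values) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class FormScan(HTMLParser):
    """Collect method, action and hidden-input names of every <form>."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"method": (a.get("method") or "get").lower(),
                          "action": a.get("action") or "", "hidden": set()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "hidden":
                self._open["hidden"].add(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def classify_response(status, content_type, body):
    """Return (label, idp_host); idp_host is set only for 'saml_redirect'."""
    if not 200 <= status < 300:
        return ("http_error", None)
    ctype = content_type.split(";")[0].strip().lower()
    if ctype not in ("text/html", "application/xhtml+xml"):
        return ("data", None)          # JSON/Atom/XML: hand to the OData parser
    scan = FormScan()
    scan.feed(body)
    scan.close()
    for form in scan.forms:
        # An auto-posting form carrying SAMLRequest means "not authenticated"
        if form["method"] == "post" and "SAMLRequest" in form["hidden"]:
            return ("saml_redirect", urlsplit(form["action"]).hostname)
    return ("unexpected_html", None)

# Constructed sample modelled on the page in the question (placeholder values)
SAMPLE_SSO_PAGE = """<html><body onload="document.forms[0].submit()">
<form method="post" action="https://idp.example.invalid/saml2/idp/sso">
<input type="hidden" name="SAMLRequest" value="PLACEHOLDER"/>
<input type="hidden" name="RelayState" value="PLACEHOLDER"/>
</form></body></html>"""

if __name__ == "__main__":
    print(classify_response(200, "text/html;charset=UTF-8", SAMPLE_SSO_PAGE))
    print(classify_response(200, "application/json", '{"d": {"results": []}}'))
```

Logging the returned IdP host alongside the label makes it easy to tell which identity provider the service delegated to when a call fails this way.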
