Skip to Content
avatar image
Former Member

SAP Cloud identity REST API Call fail

Dear Developers,

I need a little help. I made a test application in the productive SAP HANA System which connected to the SAP Cloud Identity Tenant. The authetntication works well, but I can not send GET and POST calls with xsjs.

I configurated the server and the application about this: URL

- I trusted the certificate, which I downloaded from the SAP Support Portal (.../sap/hana/xs/admin/#/trustManager/)
- I saved the name and password which was configurated in the SAP Cloud Identity Application's HTTP basic authentication. (...//sap/hana/xs/admin/#/package/public.user_aut_app/httpDestination/user_test)

I coded a little API call. This is the rest.xsjs

In my application I would like to see this REST API's result:
https:// . accounts.ondemand.com/service/scim/Users

$.response.contentType = "text/HTML";
try{
 var client = new $.net.http.Client();
 var dest = $.net.http.readDestination("public.user_aut_app", "user_test");
 var response;
 var req = new $.net.http.Request($.net.http.GET, "scim/Users/");
  client.request(req, dest);
  response = client.getResponse();
  $.response.setBody(JSON.stringify(response.body.asString() ));	
}catch(e){
  $.response.setBody("Error: "+e);
}

And this is the destination file:

description = "Cloud Identify";
host = "<ID>.accounts.ondemand.com";
port = 443;
pathPrefix = "/service/";
proxyType = none;
proxyHost = "proxy";
proxyPort = 443;
authType = basic;
samlProvider = "T000000";
samlACS = "parameter:assertion";
useSSL = true;
timeout = 30000;
sslHostCheck = true;
sslAuth = anonymous;

But I got this error message:

Culd you give me some idea or tip how cloud I reach the REST API or what whould I change?

Thank you in advance.

error-hana.png (12.9 kB)
Add comment
10|10000 characters needed characters exceeded

  • Former Member

    Hi Babics,

    Did you get a solution around this issue. I am trying to do the exact and stuck with the same issue. I can make a successful call from Postman(Rest Client). So I know the User is correct.

    But I cannot get it to work from XSJS - XSHTTP Destination. I am using the same user as I have used in the Rest API.

    Any suggestions would be helpful.

    Thanks,

    Deepak

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Apr 07, 2017 at 09:08 PM

    Hi, I'm facing up a similar issue. I had made many test triyng to reach the api.

    If i login in the "SAP Cloud Platform Identity Authentication Administration Console", which url is : https://XXXXX.accounts.ondemand.com/admin/ and then i consum the api, it works fine.

    For example, i can get all users doing http get at: https://XXXXX.accounts.ondemand.com/service/scim/Users/

    The problem is that i want to consume the api through a destination, and so make calls to the api from Javascript code in a UI5 Application. To do that, i try to authenticate the destination with basic but it doesn't work.

    If i use the name and password which was configurated in the SAP Cloud Identity Application's , the http response is 403 Forbidden.

    And if i use the Administrator user of the Platform Identity Tenant, the response is 401 Unauthorized , and this make no sense cause with the same user, through sso autorization can reach de api.

    Thanks for your time.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 11, 2017 at 11:01 PM

    I had the same issue (as Andrés Nebel mentioned) when I was using a "user" administrator to access SCIM REST API. I started using a "system" administrator and the problem is gone now. See https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/bbbdbdd3899942ce874f3aae9ba9e21d.html#loiocefb742a36754b18bbe5c3503ac6d87c

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 03 at 07:15 PM

    Hi Babics,

    Have you imported the full certification path. SAP ID Service server certificate relies on Verizon and Symantec's CA certificates. So those need to be imported as well on your Certificate Store.

    Please check the answer and comments from a similar question.

    Check that you have in fact entered a SAP ID Service user that is allowed to connect using password basic authentication. If this is not the case, the connection will be refused with either 401 or 403, just like mentioned previously by Andrés.

    Regards,
    Ivan

    Add comment
    10|10000 characters needed characters exceeded