Die SAP Hauptversammlung fand am 20. Mai statt. Die eigentlichen Themen (Gewinn, Wachstum, Dividende) einer HV fanden wenig Interesse in den Medien. Dafür das was der Aufsichtsratsvorsitzende sagte. Ausgiebig wurden die Infos zu dem Ende des Co-CEO Models aufgenommen.* Seine Infos zum Abgang von Bill McDermott gingen etwas unter, fanden Read more…
SAP Help OAuth 2.0 Service Sample request in my Gitlab repo For the example, I am going to use an OAuth authorization grant of type client credentials. SAP Cloud Platform environment: Neo. Create scope Select an OAuth protected Java app and add a scope to it. If you just want Read more…
Problem After sending a request to the access token endpoint /sap/bc/sec/oauth2/token you get an internal server error 500. Investigation Tx: SA38 Program: SEC_TRACE_ANALYZER Run program. Select OAuth varian: click on Get Variants Click on Activate Trace is active. Reproduce the issue. The log trace for the user will show the Read more…
To be able to log in to your SAML 2.0 IdP after a SP redirect, the SP must be configured in your IdP. While this sounds obvious, it can be confusing when you have several clients in your IdP and several IdP in your SP. For instance, you must ensure Read more…
Scenario A user authenticated against the SAML 2.0 IdP. The OAuth client is sending the SAML 2.0 Response containing the user assertions to the NetWeaver ABAP system. An error of type invalid grant is returned. Error message: { “error”: “invalid_grant”, “error_description”: “Provided authorization grant is invalid. Exception was Attribute ‘Recipient’ of element ‘SubjectConfirmationData’ is invalid. For more information, consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545” } Root cause The OAuth client is sending the SAML Read more…
Scenario You send a SAML Bearer Assertion to the OAuth token service of SAP Gateway. The Return type is 400 Bad Request. Error message { “error”: “invalid_grant”, “error_description”: “Provided authorization grant is invalid. Exception was Message Assertion is not signed. For more information, consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545” } Root cause The error message contains a description of the root cause for the HTTP 400: “Exception was Message Assertion is not Read more…
To be able to access an OData service with OAuth, a scope is needed. I blogged about how to create a scope (using the wizard or a report) already. While adding a scope to a service is very easy, deleting is a little bit more effort. For instance, when you Read more…
You can create an OAuth Scope for an OData service either by using a wizard or a report. Both don’t show you the already created scopes. If you have to assign a scope to a user, how can you find out the scope of the OData service? You can take Read more…
References: Token Endpoint for OAuth 2.0 SAML 2.0 Bearer Assertion flow for OAuth 2.0 SCN Discussion The last configuration to be done before you can access an OAuth 2.0 protected OData service is to activate the token issuer service. To be able to access a resource, your OAuth client needs Read more…
SAP Help: Setting Up an OAuth 2.0 Client In this step an OAuth client is added. This is the client that logs on to NW ABAP on behalf of the end user. For this, the OAuth client is using an SAP user to log on. This user was created earlier Read more…