3

I've generated project via:

mvn archetype:generate -DarchetypeGroupId=com.sap.cloud.s4hana.archetypes -DarchetypeArtifactId=scp-cf-spring -DarchetypeVersion=LATEST

I included S4Sdk jars and accessing S/4HANA V2 API. The code works fine with Basic authentication but when I configure destination type as "OAuth2SAMLBEARER ASSERTION" I get the following error in CF logs when accessing S4Hana API's via .execute calls:

2018-09-07T06:37:22.728+0000 [APP/PROC/WEB/0] ERR     ... 1 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get access token for destination service.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:107)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:117)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:26)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     ... 26 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequestFailedException: Failed to get access token: no valid JWT bearer found in "Authorization" header of request.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.getCurrentJwt(TokenRequest.java:307)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR     at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.requestTokenWithUserTokenGrant(TokenRequest.java:348)

Note: I've established trust between S/4HANA system and subaccount, communication and business users are configured, principal propagation steps as specified in: https://blogs.sap.com/2018/02/05/deep-dive-8-with-sap-s4hana-cloud-sdk-leverage-principal-propagation-via-oauth-2-when-consuming-a-business-api-from-s4hana-cloud/ ,

Please check and let me know if something else needs to be configured for this.

I tried creating approuter via blog suggested in comments but I'm getting error in deploying approuter in CF:

2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > @sap/approuter@2.10.0 start /home/vcap/app
   2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > node approuter.js
   2018-09-07T20:01:25.50+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:25:497#+00:00#WARNING#/LoggingLibrary################PLAIN##Dynamic log level switching not available#
   2018-09-07T20:01:28.89+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:28:897#+00:00#INFO#/approuter################PLAIN##Application router version 2.10.0#
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR /home/vcap/app/lib/utils/JsonValidator.js:30
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     throw new VError('%s%s: %s',
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     ^
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR VError: environment-destinations/0/url: Format validation failed (URI must be absolute)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at JsonValidator.validate (/home/vcap/app/lib/utils/JsonValidator.js:30:11)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.validateEnvDestinations (/home/vcap/app/lib/configuration/validators.js:100:15)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at loadDestinations (/home/vcap/app/lib/configuration/env-config.js:55:14)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.load (/home/vcap/app/lib/configuration/env-config.js:20:28)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.module.exports.load (/home/vcap/app/lib/configuration.js:15:37)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at bootstrap (/home/vcap/app/lib/bootstrap.js:47:36)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Approuter.start (/home/vcap/app/approuter.js:58:13)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.<anonymous> (/home/vcap/app/approuter.js:115:6)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Module._compile (module.js:577:32)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.Module._extensions..js (module.js:586:10)
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Linux 4.4.0-133-generic
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! argv "/home/vcap/deps/0/node/bin/node" "/home/vcap/deps/0/bin/npm" "start"
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node v6.14.3
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! npm  v3.10.10
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! code ELIFECYCLE
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! @sap/approuter@2.10.0 start: `node approuter.js`
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Exit status 1
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! 
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Failed at the @sap/approuter@2.10.0 start script 'node approuter.js'.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Make sure you have the latest version of node.js and npm installed.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! If you do, this is most likely a problem with the @sap/approuter package,
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! not with npm itself.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Tell the author that this fails on your system:
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR!     node approuter.js
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! You can get information on how to open an issue for this project with:
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR!     npm bugs @sap/approuter
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! Or if that isn't available, you can get their info via:
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR!     npm owner ls @sap/approuter
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! There is likely additional logging output above.
   2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! Please include the following file with any support request:
   2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR!     /home/vcap/app/npm-debug.log

Can you please help me here. I downloaded approuter from the link suggested in blog.

Sandra Rossi
  • 11,934
  • 5
  • 22
  • 48
Rahul Pandey
  • 141
  • 1
  • 11

2 Answers2

2

The issue was solved by having app router send the JWT token to Java application. There are set of files like xs-app.json that needs to be configured with the correct regular expression for the map to destinations created in manisfest.yml of your app router. The specific destination created in the manifest should point to your java service with "forward-token: true".

Apart from this, your XSUAA service instance created should have proper auth scopes defined in xs-secuity.json as required by your application.

For above error, if we call the java service with bearer token as received from app router it works fine. You can also access the app directly from app router by configuring proper regex in xs-app.json.

Rahul Pandey
  • 141
  • 1
  • 11
1

I guess authentication is not configured yet as explained here: https://blogs.sap.com/2017/07/18/step-7-with-sap-s4hana-cloud-sdk-secure-your-application-on-sap-cloud-platform-cloudfoundry/

Have you secured your app so that the user has to log in first?

In contrast to Basic Authentication, for OAuth2SAMLBEARER or any other propagation of the user principle, the user has to be logged in into the application beforehand. Only then, the user can be propagated.

You logs indicate that the application fails to extract the JWT token from the request, which should be passed from the approuter.

Daniel Kurzynski
  • 308
  • 2
  • 9
  • The application I created using artifact id: scp-cf-spring, so I didn't do any web.xml related steps however I followed all other steps and configure my application on the similar line. Also, I didn't create the app router as an entry point for my application and will include it later, for now, I'm doing a POC. Is including the app router a mandatory step? Currently, I'm accessing my application end URL directly. – Rahul Pandey Sep 07 '18 at 09:04
  • 1
    I'd suggest you try it using the approuter. As far as I'm aware, you need a JWT to get an access token for your S/4. The JWT is typically given out by the XSUAA to the approuter when you use the approuter to access your application. Since you're probably accessing your application directly right now, there's no JWT in the header of the incoming request (see `Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequestFailedException: Failed to get access token: no valid JWT bearer found in "Authorization" header of request`) and thus it won't work. So yeah, try the approuter. – Dennis H Sep 07 '18 at 12:26
  • 1
    @DennisH I followed the app router approach but getting few issues in deployment, can you please help. NOTE: update my question with new error. – Rahul Pandey Sep 07 '18 at 14:46
  • @Daniel Kurzynski – Rahul Pandey Sep 07 '18 at 14:46
  • 1
    SOLVED: The destinations URL in my manifest.yml was wrong, the approuter is deployed fine now. – Rahul Pandey Sep 07 '18 at 17:12
  • @RahulPandey: Now that the approuter works, is your initial issue solved? – Dennis H Sep 08 '18 at 15:19
  • No my initial issue is not resolved, I'm trying something if it works i'll shortly post the solution. – Rahul Pandey Sep 09 '18 at 04:20