on 05-10-2012 12:04 PM
Hi,
our customer wants to install the SAP application "SAP Cart Approval". When we connect the device with backend, we got the error "cannot retrieve data".
For this we use:
-iPad
-SUP 2.1.2 (+RS)
-SAP Gateway 2.0
-SAP NetWeaver 7.31
We use the following documentations:
- "SAP Cart Approval 2.1.0 - Administrator's Guide"
- "SAP NetWeaver Gateway Configuration Guide - SAP NetWeaver Gateway 2.0 SP03"
- infocenter
My steps at the SUP Server:
1. Create the Security Profile at the SCC
- Create a new Security Profile
- create a new Authentication Login Module
- Implementation Class: HttpAuthenticationLoginModule
- URL: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/ *
- delete the old Login Module
- add this security profile to the default domain
*if I enter this link in a browser I see a blank page, if I enter this as a https link, I see an error (code: 511, Network Authentication Required)
2. Create a new Application at the SCC (how can I edit an application? I can create a new, I can delete one, but I cannot edit the application?)
- Application ID: com.sap.meps.CartApproval
- Security configuration: this from step 1
- Domain: default
- Check "Configure additional settings" + Click "Next"
- Base template: I used one where I have configured the RelayServer Connection)
- Proxy:
- Application Endpoint: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/
- Push Endpint: http://SUP server:8000/GWC/SUPNotification (default)
3. Create a new Application Connection
- User: bla
- Template: com.sap.meps.CartApproval (Servername, Port, Farm ID, Application ID, Security config and domain were filled out automatically)
- Activation Code: 123
After I entered the register data (why I cannot enter this data in the settings? why there isn't a entry for the Cart approval in the settings?) the iPad
shows an error "cannot retrieve data".
I see the device as online in the SCC, but I cannot see some log messages for more informations.
So here my questions:
- Is the link for the security profile and for the application really the same?
- If no, how the customer (I have no access to the SAP systems) can find the right links (transaction)?
- Is the "HttpAuthenticationLoginModule" the right choice?
- I see in a other forum (scn.sap.com) that the link have to look like this: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/?sap-client=<11>?
sap-language=<en>
- Do I need an "https" link?
I'm happy about every information/idea you can give me. A tutorial or a reference to a other discussion...
Thanks in advance
Claudi
Hi Claudi,
If you enter the URL as https:// as you application endpoint then you will have to - Create a new Security Profile with - Implementation Class: CertificateLoginModule
You can first confirm that your user is registered on SCC -> Application Connection Tab
As suggested by Rohith:
Enable the domain logs on scc:
Steps:
1. Domain>>DomainName>>Log>>Settings>>New >> Enter a name
2.Select "Application Connection" and chose your User
3. Select "payload" and chose "request response"
4. Select "Enable after creation"
Save the settings.
Change the log level at Server>>Logs>>Unwired Server>>Settings>>Proxy>>Debug.
Fire a new request from your application.
Under Domain>>DomainName>>Log>>General>>Proxy, click on retrive to display the latest logs:
Verify response status code and the URL being fired in the response payload.
you can share the logs if there any error.
Thanks,
Ambika
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I was the last two days not at the customer...
So they changed the security profile to NoSecLoginModule, and it works (wrong user credentials = no data; right user credentials = right data). And now they confused for what they need a SSO login for this app. Can you help me? I know that isn't good for the production env? But why, if the NoSecModule look for the right users...?
Additional they want anyway the SOO Login with certificate now...
Thats also ok...for this I found this http://scn.sap.com/docs/DOC-25733
Do you know whether I need the steps 4.1, 4.3 and 4.4?
And from where I get the SUP certificate from 4.5?
Sorry all of this is new area for me.
Thanks for your help!
Hi Claudia,
For SSO registration
You can check the below links for details:
Single Sign-on for SAP
Sybase Unwired Platform 2.1 > Security 2.1 > Server Security > Enabling Authentication and RBAC for User Logins > Authentication in Unwired Platform
How to create configuration in SCC
Sybase Unwired Platform 2.1 > Security 2.1 > Server Security > Enabling Authentication and RBAC for User Logins > Authentication in Unwired Platform > Single Sign-on for SAP > Security Configurations That Implement Single Sign-on Authentication
Hope this helps you
Regards,
Ambika
Hi Ambika,
thanks a lot for your fast reply.
If I understand it right, I need to do more then to create the security profile if I want to use the CartApproval?
Followed I have a list with the highlevel steps, please correct me, if something is wrong.
1. SAP JCO Connection to SAP EIS? (Or did I need this only if I have native apps)
2. Install SAP Cryptographic Libaries
3. Generate a X.509 Certificate for SUP (I was thought that I get all certificates from the SAP admin?)
4. Import the SUP certificate into SAP (or is this the certificate from step 3)
5. KeyStore & Trust STore for certificates
6. security profile
7. at the device I have to add the "Window domain" for the certificate(?)
What I've also read in the forum, that I need one certificate per user. Is this right? If yes, it could mean, that I have over 1000 certificates at the SUP server?
Thanks
Claudia
Hi Claudia,
you are rite step 1 mentioned by you is required only for native apps
Incase of registration using certificate
you will need to import X.509 certificate (this is provided by the admin) into the truststore of your SUP server
you will also a need to import p12 certificate in to your device, this will be sent to the server during registration (you can check with your admin for this aswell)
Regards,
Ambika
Hi Claudia,
In Step1, you have mentioned, when you run the URL, you are getting blank page.
If your URL is correct, you should get back the service document xml.
In the server log, I see that your authentication is succesful and your call is successful(Status code 200). So I see problem only with your service doc URL.
At this point I could suggest the below.
1. Please check and correct the URL.
http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/
2. If the issue still persists, follow the below steps to get more detailed logs.
This will help to check request being fired and response returned from gateway.
1. Domain>>DomainName>>Log>>Settings>>New >> Enter a name
2.Select "Application Connection" and chose your User
3. Select "payload" and chose "request response"
4. Select "Enable after creation"
Save the settings.
Change the log level at Server>>Logs>>Unwired Server>>Settings>>Proxy>>Debug.
Fire a new request from your application.
Under Domain>>DomainName>>Log>>General>>Proxy, click on retrive to get the logs.
Check and verify the URL being fired and also the response.
Regards
Rohith
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rohith,
thanks for your fast answer!
If I enter this URL with https://... then I got an XML site with "authentication required". (looks better?)
But if I enter this URL with https://.. in the SCC in my Security profile I cannot save this profile.
Looks this like the SAP isn't setup right?
Thanks in advance
Kind regards
Claudi
Hi,
during the testing, I see now the following log message in the SUP server log:
"INFO PROXY MessageChannel Thread-329 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 307 Temporary Redirect"
This error is simliar to http://scn.sap.com/thread/2144708
So I try the solution from this post and change the application endpoint to http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/?sap-client=11?sap-language=EN
If I try to change also the URL from the Security profile I get this error: "The server at the specific URL is not setup to authenticate the user"
Now I see this posts in the SUP server log:
2012-05-10 15:08:08.148 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler] ODP :Recieved a request
to fire to Gateway
2012-05-10 15:08:08.153 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter] ODP: Read the Request
information
2012-05-10 15:08:08.156 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP: Firing the request to the Gateway
2012-05-10 15:08:08.182 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP:Recieved the response from the
gateway
2012-05-10 15:08:08.184 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] Response code is HTTP/1.1 200 OK
2012-05-10 15:08:08.192 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP:Read response body from Gateway
2012-05-10 15:08:08.241 INFO PROXY MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler] ODP:Returning Response
from Gateway Back to Message Channel
But at the device I get every time the "error retrieving data" message.
What could be the reason, why I cannot change the security profile? Or is ma way completely wrong?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.