cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Cart Approval with SUP - "cannot retrieve data"

Go to solution
former_member5235
Employee
Employee

on ‎05-10-2012 12:04 PM

0 Kudos

Hi,

our customer wants to install the SAP application "SAP Cart Approval". When we connect the device with backend, we got the error "cannot retrieve data".

For this we use:

-iPad

-SUP 2.1.2 (+RS)

-SAP Gateway 2.0

-SAP NetWeaver 7.31

We use the following documentations:

- "SAP Cart Approval 2.1.0 - Administrator's Guide"

- "SAP NetWeaver Gateway Configuration Guide - SAP NetWeaver Gateway 2.0 SP03"

- infocenter

My steps at the SUP Server:
1. Create the Security Profile at the SCC
        - Create a new Security Profile
        - create a new Authentication Login Module
                - Implementation Class: HttpAuthenticationLoginModule
                - URL: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/   *
        - delete the old Login Module

        - add this security profile to the default domain

*if I enter this link in a browser I see a blank page, if I enter this as a https link, I see an error (code: 511, Network Authentication Required)


2. Create a new Application at the SCC (how can I edit an application?  I can create a new, I can delete one, but I cannot edit the application?)
        - Application ID: com.sap.meps.CartApproval
        - Security configuration: this from step 1
        - Domain: default
        - Check "Configure additional settings" + Click "Next"
        - Base template: I used one where I have configured the RelayServer Connection)
        - Proxy:
                - Application Endpoint: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/
                - Push Endpint: http://SUP server:8000/GWC/SUPNotification (default)

3. Create a new Application Connection
        - User: bla
        - Template: com.sap.meps.CartApproval (Servername, Port, Farm ID, Application ID, Security config and domain were filled out automatically)
        - Activation Code: 123


 


After I entered the register data (why I cannot enter this data in the settings? why there isn't a entry for the Cart approval in the settings?) the iPad
shows an error "cannot retrieve data".

I see the device as online in the SCC, but I cannot see some log messages for more informations.

So here my questions:
- Is the link for the security profile and for the application really the same?
- If no, how the customer (I have no access to the SAP systems) can find the right links (transaction)?
- Is the "HttpAuthenticationLoginModule" the right choice?
- I see in a other forum (scn.sap.com) that the link have to look like this: http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/?sap-client=<11>?
sap-language=<en>
- Do I need an "https" link?

I'm happy about every information/idea you can give me. A tutorial or a reference to a other discussion...

Thanks in advance

Claudi

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ambika_kv
Explorer
‎05-12-2012 3:25 PM
0 Kudos

Hi Claudi,

If you enter the URL as https:// as you application endpoint then you will have to - Create a new Security Profile with - Implementation Class: CertificateLoginModule

You can first confirm that your user is registered on SCC -> Application Connection Tab

As suggested by Rohith:

Enable the domain logs on scc:

Steps:

1. Domain>>DomainName>>Log>>Settings>>New >> Enter a name

2.Select "Application Connection" and chose your User

3. Select "payload" and chose "request response"

4. Select "Enable after creation"

Save the settings.

Change the log level at Server>>Logs>>Unwired Server>>Settings>>Proxy>>Debug.

Fire a new request from your application.

Under Domain>>DomainName>>Log>>General>>Proxy, click on retrive to display the latest logs:

Verify response status code and the URL being fired in the response payload.

you can share the logs if there any error.

Thanks,

Ambika

Show replies
Show replies
former_member5235
Employee
Employee
‎05-15-2012 10:23 AM
0 Kudos

Hi,

I was the last two days not at the customer...

So they changed the security profile to NoSecLoginModule, and it works (wrong user credentials = no data; right user credentials = right data). And now they confused for what they need a SSO login for this app. Can you help me? I know that isn't good for the production env? But why, if the NoSecModule look for the right users...?

Additional they want anyway the SOO Login with certificate now...

Thats also ok...for this I found this http://scn.sap.com/docs/DOC-25733

Do you know whether I need the steps 4.1, 4.3 and 4.4?

And from where I get the SUP certificate from 4.5?

Sorry all of this is new area for me.

Thanks for your help!

ambika_kv
Explorer
‎05-15-2012 12:31 PM
0 Kudos

Hi Claudia,

For SSO registration

You can check the below links for details:

Single Sign-on for SAP

http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.pubs.docset-SUP-2.1.0/doc/h...

Sybase Unwired Platform 2.1 > Security 2.1 > Server Security > Enabling Authentication and RBAC for User Logins > Authentication in Unwired Platform

How to create configuration in SCC

http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.pubs.docset-SUP-2.1.0/doc/h...

Sybase Unwired Platform 2.1 > Security 2.1 > Server Security > Enabling Authentication and RBAC for User Logins > Authentication in Unwired Platform > Single Sign-on for SAP > Security Configurations That Implement Single Sign-on Authentication

Hope this helps you

Regards,

Ambika

former_member5235
Employee
Employee
‎05-15-2012 1:20 PM
0 Kudos

Hi Ambika,

thanks a lot for your fast reply.

If I understand it right, I need to do more then to create the security profile if I want to use the CartApproval?

Followed I have a list with the highlevel steps, please correct me, if something is wrong.

1. SAP JCO Connection to SAP EIS? (Or did I need this only if I have native apps)

2. Install SAP Cryptographic Libaries

3. Generate a X.509 Certificate for SUP (I was thought that I get all certificates from the SAP admin?)

4. Import the SUP certificate into SAP (or is this the certificate from step 3)

5. KeyStore & Trust STore for certificates

6. security profile

7. at the device I have to add the "Window domain" for the certificate(?)

What I've also read in the forum, that I need one certificate per user. Is this right? If yes, it could mean, that I have over 1000 certificates at the SUP server?

Thanks

Claudia

ambika_kv
Explorer
‎05-15-2012 5:06 PM
0 Kudos

Hi Claudia,

you are rite step 1 mentioned by you is required only for native apps

Incase of registration using certificate

you will need to import X.509 certificate (this is provided by the admin) into the truststore of your SUP server

you will also a need to import p12 certificate in to your device, this will be sent to the server during registration (you can check with your admin for this aswell)

Regards,

Ambika

Answers (2)

Answers (2)

rohith_deraje
Advisor
Advisor
‎05-10-2012 5:03 PM
0 Kudos

Hi Claudia,

In Step1, you have mentioned, when you run the URL, you are getting blank page.

If your URL is correct, you should get back the service document xml.

In the server log, I see that your authentication is succesful and your call is successful(Status code 200).  So I see problem only with your service doc URL.

At this point I could suggest the below.

1. Please check and correct the URL.

http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/

2. If the issue still persists, follow the below steps to get more detailed logs.

This will help to check request being fired and response returned from gateway.

1. Domain>>DomainName>>Log>>Settings>>New >> Enter a name

2.Select "Application Connection" and chose your User

3. Select "payload" and chose "request response"

4. Select "Enable after creation"

Save the settings.

Change the log level at Server>>Logs>>Unwired Server>>Settings>>Proxy>>Debug.

Fire a new request from your application.

Under Domain>>DomainName>>Log>>General>>Proxy, click on retrive to get the logs.

Check and verify the URL being fired and also the response.

Regards

Rohith

Show replies
Show replies
former_member5235
Employee
Employee
‎05-11-2012 3:13 PM
0 Kudos

Hi Rohith,

thanks for your fast answer!

If I enter this URL with https://... then I got an XML site with "authentication required". (looks better?)

But if I enter this URL with https://.. in the SCC in my Security profile I cannot save this profile.

Looks this like the SAP isn't setup right?

Thanks in advance

Kind regards

Claudi

former_member5235
Employee
Employee
‎05-10-2012 2:34 PM
0 Kudos

Hi,

during the testing, I see now the following log message in the SUP server log:

"INFO PROXY MessageChannel Thread-329 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 307 Temporary Redirect"

This error is simliar to http://scn.sap.com/thread/2144708

So I try the solution from this post and change the application endpoint to http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/http://customerserver:8051/sap/opu/sdata/GBTRV/CARTAPPROVAL/?sap-client=11?sap-language=EN

If I try to change also the URL from the Security profile I get this error: "The server at the specific URL is not setup to authenticate the user"

Now I see this posts in the SUP server log:

2012-05-10 15:08:08.148 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler] ODP :Recieved a request

to fire to Gateway

2012-05-10 15:08:08.153 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter] ODP: Read the Request

information

2012-05-10 15:08:08.156 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP: Firing the request to the Gateway

2012-05-10 15:08:08.182 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP:Recieved the response from the

gateway

2012-05-10 15:08:08.184 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] Response code is HTTP/1.1 200 OK

2012-05-10 15:08:08.192 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GWProxy] ODP:Read response body from Gateway

2012-05-10 15:08:08.241 INFO    PROXY        MessageChannel Thread-2579 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler] ODP:Returning Response

from Gateway Back to Message Channel

But at the device I get every time the "error retrieving data" message.

What could be the reason, why I cannot change the security profile? Or is ma way completely wrong?

Show replies
Show replies
Ask a Question