cancel
Showing results for 
Search instead for 
Did you mean: 

OCI parameters outbound - how are they sent?

Former Member
0 Kudos

Hi all,

I have a feeling this is a laughably simple question, but study the documentation as I might, I can't work something out.

We're a vendor with no SAP experience and no OCI experience developing a catalog application for a large customer who uses SAP.  Our application is .NET based.

Reading through the OCI specs and looking at the outbound parameters, I made the assumption that these can be passed as simple URL parameters, tagged on to the URL.  So, our customer would configure our app URL into their external catalogs set up, and then pass the user, HOOK_URL etc to us as part of the URL that gets generated when someone chooses to "punch out".

So, we set it up this way, got online with our customer and had them configure the external supplier appropriately.  they punch out and do successfully reach our site, but the URL that SAP generates does not include the parameters.  We used an HTTP spy tool and the parameters are nowhere to be seen in the HTTP traffic.

Our customer has successfully set up these OCI interfaces with a number of other vendors, but our contacts do not know HOW the OCI outbound parameters are being passed.

So, I went back to the spec document, and at no point does it say "and here's HOW those parameters are passed". 

My question is - can they be passed as URL parameters?  If not, what is the easiest alternative?

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi Michael Peters

We're having the exact same problem as you describe.

If you've solved the problem I'd love to hear how

Best Regards

ABA

robin_janke
Contributor
0 Kudos

Hi,

just add a new entry page for your application that accepts a POST form as mentioned above and an exit page that does a POST to the HOOK_URL that you received in the initial call and then redirect to the main page of your catalog. Just save that HOOK_URL value in a session parameter/cookie/database and in the return to SRM form use that parameter as the form action.

Regards,

Robin

Former Member
0 Kudos

Hi Robin

Thanks for your fast reply I'm currently testing the setup you suggest.

But can I ask you where you've learned that this is the behavior? Is it pure experience or is it described somewhere online I've been unable to find? I can't seem to find anythin in the OCI v.4.0 documentation

Best Regards

Anders

robin_janke
Contributor
0 Kudos

Hi,

most of it is from experience talking to suppliers and getting their catalogs OCI enabled. I am mostly an SRM/ABAP consultant so I look at it from the SAP side.

As far as I have found there is not much more information then the document you used (actually there is now an OCI 5.0 document). In there also some extra functionality of OCI 4.0 is described such as logging in via some handshake protocol. That actually might be worth looking into seeing the focus on security lately.

When you read the OCI documentation between the lines a bit, you can mine out the information you need, but only after reading it a few times.

Regards,

Robin

robin_janke
Contributor
0 Kudos

Hi,

The OCI interface uses a simple html form POST to transmit the request to the OCI catalog. I think that the GET method is a bit out of fashion due to the plain text sending of user and pass in the URL.

For example:

<HTML>

<BODY>

<FORM NAME="SUBMITFORM" ACTION= "YOUR CATALOGUE URL" METHOD="POST">

  <INPUT TYPE="HIDDEN" NAME= "LOGIN" VALUE= "LOGIN">

  <INPUT TYPE="HIDDEN" NAME= "PASSWORD" VALUE= "PASSWORD">

  <INPUT TYPE="HIDDEN" NAME="HOOK_URL" VALUE="<AUTOMATICALLY GENERATED BY SRM>">

  <INPUT TYPE="HIDDEN" NAME="returntarget"VALUE="_top">

</FORM>

<SCRIPT LANGUAGE="JavaScript"> document.SUBMITFORM.submit();</SCRIPT>

</HTML>

The blue part is what you provide and maybe you have some additional fields that you want to have as well, maybe a customer ID, or a unique ID to identify the user that logs in (BADI BBP_CAT_CALL_ENRICH should then be implemented by your customer). The above login is for a generic access that is used by all SRM users that have access to the catalog. It is possible to access a catalog by only having a URL and HOOK_URL in the call structure in SRM, however that is not really OCI compliant.

Regards,

Robin

Karsten_Haubold
Explorer
0 Kudos

Hello Michael,

I'm not sure, but maybe it helps. The OCI parameter are sent out as one URL if all parameters are maintained in the standard call structure. Your customer should checkif they have maintained that call structure correctly.

Regards,

Karsten