MBO Authentication error

MariusStoica
Active Participant
0 Kudos

Hi gurus,

Let me explain the environment: SAP -> GW -> SUP - REST service (simple right? )

Here is the requirement: before using the app, the user needs to log in.

Here is the problem: After reading a lot on SCN about the authentication, I still couldn't manage to make it work.

Here are some of the links:

http://scn.sap.com/thread/3434663

http://scn.sap.com/community/mobile/blog/2010/09/30/basic-user-management-and-authentication-with-sy...

http://scn.sap.com/thread/3208513

http://scn.sap.com/thread/3182334

http://scn.sap.com/community/developer-center/mobility-platform/blog/2012/08/10/how-to-sso-between-s...

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90b94038-3877-2e10-aa81-e021d6ffd...

http://scn.sap.com/community/icc/blog/2012/01/16/developing-mobile-apps-with-sybase-unwired-platform...

http://scn.sap.com/thread/2003311

and many more...

Here is my development:

a) The REST Service connection details

b) The MBO created on the REST Service Connection mentioned at point a)

c) The flow design:

d) Log in Screen:

I didn't manage to make this work. I might have missed some things, but this is what I've got so far.

I know that the link works, I've tested it from REST client and "Preview" in Mobile Development Environment.

After I fill the 2 edit-boxes, I go to the next screen and when I press the "Online request" button, I'm taken to the login screen again (I think due to the checkbox "Show credential screen on Authentication failure" of the button)

Any suggestions on what I'm doing wrong or incomplete?

Thanks,

Marius

Accepted Solutions (1)

MariusStoica
Active Participant
0 Kudos

Hi Midhum, Hi Jitendra,

I've been working on this issue.

What I have done so far is:

1) Modified the values of the user and password fields of the connection profile to "user" and "password" and redeployed to the device.

2) Modified the flow like this:

3) Created the "http" security configuration:

with these details (the IP is from the GW server):

I also added the other properties "Control Flag", "SSO Cookie name" and/or "Clear password" with no success or different result.

The URL has been tested in the browser and the authentication window shows from the GW system, we also receive the answer of authentication success.

4) Added the security configuration profile to the application user:

5) There is another security configuration profile for the package itself (that I deployed the MBO to) but I cannot access the exact one pointed at 4).

    It's from the list below:

What happens now?

I get the log in screen, only once (if I restart the app, it doesn't show).

When I do the "Online request" the log in screen shows again.

Here is the SCC log:


Time=2013-12-19 18:34:46.440, Application ID=HWC, Application Connection ID=1A7BD104060000040056A0E9D01080032__HWC, User=marius@admin, Correlation ID=, Package=livrari_dev_test:1.0, MBO=, Operation=, Thread ID=109, Node ID=xxxxxxx, Error=java.lang.SecurityException was thrown by method com.sybase.djc.mobilink.LoginHandler:authenticateUser(String user, String password, String securityConfiguration)\njava.lang.SecurityException: Login Failed: user 'marius'

  at com.sybase.djc.security.User.login(User.java:471)
  at com.sybase.djc.security.User.login(User.java:385)
  at com.sybase.djc.mobilink.LoginHandler.authenticateUser(LoginHandler.java:204)
  at com.sybase.sup.server.mbs.MessageReceiver.process(MessageReceiver.java:419)
  at com.sybase.sup.server.mbs.MessageReceiver_DJC.access$001(MessageReceiver_DJC.java:4)
  at com.sybase.sup.server.mbs.MessageReceiver_DJC$1.invoke(MessageReceiver_DJC.java:27)
  at com.sybase.djc.transaction.TransactionManager.invokeRequiresNew(TransactionManager.java:845)
  at com.sybase.djc.transaction.TransactionManager.invokeRequiresNew(TransactionManager.java:747)
  at com.sybase.sup.server.mbs.MessageReceiver_DJC.process(MessageReceiver_DJC.java:41)
  at com.sybase.sup.server.runtime.AbstractMessageReceiver.run(AbstractMessageReceiver.java:103)

Did I do something wrong?

Thanks,

Marius

midhun_vp
Active Contributor
0 Kudos

Time=2013-12-19 18:34:46.440, Application ID=HWC, Application Connection ID=1A7BD104060000040056A0E9D01080032__HWC, User=marius@admin, Correlation ID=, Package=livrari_dev_test:1.0,


The log tells that your package is still under the admin security.

You have to deploy the package to the new security profile you created "http". To do that you have to add the newly created security to the default domain, SCC> default>security>assign> add the "http" security. Then move the MBO package to http security that will make the authentication against the configured NW gateway basic auth url.

Make sure that you have deleted other provider types present in authentication, authorization and attribution.

- Midhun VP
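The check described above (reading the security configuration from the `User=name@config` field of an SCC log line) can be scripted. This is an added example, not part of the thread or of SUP; the function names are hypothetical and the sample lines are constructed in the format of the log quoted here, with IDs and error text shortened.

```python
import re

# Constructed sample lines in the SCC log format shown in this thread.
SAMPLE_LOG = [
    "Time=2013-12-19 18:34:46.440, Application ID=HWC, Application Connection ID=1A7B__HWC, "
    "User=marius@admin, Correlation ID=, Package=livrari_dev_test:1.0, MBO=, Operation=, "
    "Thread ID=109, Node ID=node1, Error=java.lang.SecurityException was thrown by method "
    "com.sybase.djc.mobilink.LoginHandler:authenticateUser(String user, String password, "
    "String securityConfiguration)\\njava.lang.SecurityException: Login Failed: user 'marius'",
    "Time=2013-12-20 10:21:06.683, Application ID=HWC, Application Connection ID=1A7B__HWC, "
    "User=marius@http, Correlation ID=, Package=livrari_dev_test:1.0, MBO=LivrareDevCollection, "
    "Operation=, Thread ID=109, Node ID=node1, Error=com.sybase.dataservices.DSException "
    "was thrown by transaction (shortened)",
]

def parse_line(line):
    """Split one SCC log line into its key=value fields."""
    # Error= is always last and its text contains ', ', so cut it off first.
    head, _, error = line.partition(", Error=")
    fields = {}
    for item in head.split(", "):
        key, _, value = item.partition("=")
        fields[key.strip()] = value.strip()
    raw_user = fields.get("User", "")
    # The part after the last '@' is the security configuration used for the login.
    name, sep, config = raw_user.rpartition("@")
    fields["user_name"] = name if sep else raw_user
    fields["security_config"] = config if sep else ""
    fields["Error"] = error
    match = re.match(r"([\w.$]+Exception)", error)
    fields["exception"] = match.group(1) if match else ""
    return fields

def login_failures(lines, expected_config):
    """List failed logins and say whether they ran under the expected configuration."""
    findings = []
    for line in lines:
        f = parse_line(line)
        if f["exception"].endswith("SecurityException") and "Login Failed" in f["Error"]:
            if f["security_config"] != expected_config:
                verdict = "wrong security configuration"
            else:
                verdict = "login rejected under expected configuration"
            findings.append((f["user_name"], f["security_config"], f["Package"], verdict))
    return findings

if __name__ == "__main__":
    for finding in login_failures(SAMPLE_LOG, expected_config="http"):
        print(finding)
```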

Jitendra_Kansal
Product and Topic Expert
0 Kudos

1) Modified the values of the user and password fields of the connection profile to "user" and "password" and redeployed to the device.

After doing any modification to mbo level, you have to redeploy mbo to server in required security profile.

rgrds,

Jitendra

MariusStoica
Active Participant
0 Kudos

I did that, thank you.

MariusStoica
Active Participant
0 Kudos

Something worked

I have a new error message:


Time=2013-12-20 10:21:06.683, Application ID=HWC, Application Connection ID=1A7BD104060000040056A0E9D01080032__HWC, User=marius@http, Correlation ID=, Package=livrari_dev_test:1.0, MBO=LivrareDevCollection, Operation=, Thread ID=109, Node ID=xxxxxx, Error=com.sybase.dataservices.DSException was thrown by transaction com.sybase.djc.transaction.TransactionContext.*AnonymousTransaction*\ncom.sybase.dataservices.DSException: java.lang.RuntimeException: com.sybase.vader.djc.util.SUPKeystoreException: No X.509 certificate found for alias "null" in keystore "Repository/Security/keystore.jks".

I'm still missing something here ... to that HTTP security configuration profile ...

midhun_vp
Active Contributor
0 Kudos

Add the screen shots of http configurations to find the root cause.

- Midhun VP

MariusStoica
Active Participant
0 Kudos

It kinda works

I reached the back-end after deleting the "SSO Certificate" from the HTTP security configuration profile.

Now I have another issue. The "answer" is attached in the debugger to the entity


* fill the OData structure
     copy_data_to_ref(
         exporting
           is_data = par_export_msg_s
         changing
           cr_data = er_entity
       ).

but the MBO's response is empty (empty list). I'll recreate the application with the new MBO and so on.

I'll have to do some more research on this one, and I'll return with an answer.

Thank you very much and

MariusStoica
Active Participant
0 Kudos

Hi guys,

I have another issue. It's related to the creation of an MBO from OData service.

To retrieve 1 entity I must use this "URI":


/LivrareCollection(Gestionar='',NrBorderou='',NrEticheta='',NrLot='',Incarcat='')

which has to be translated in MBO terms as:


/LivrareCollection%28Gestionar=%27{gestionar(string)}%27,NrBorderou=%27{bl(string)}%27,NrEticheta=%27{numar_eticheta(string)}%27,NrLot=%27{lot(string)}%27,Incarcat=%27{incarcat(string)}%27%29

where


"(" = "%28"

")" = "%29"

" ' " = "%27"

But how do I translate the EntitySet "URI" template:


/LivrareCollection?$filter=Gestionar eq '' and NrBorderou eq '' and NrEticheta eq '' and NrLot eq '' and Incarcat eq ''

I receive an error when I first start adding the 2 characters "?" and "$".

I know that I can replace


" " (space) = "%20"

but is it ok if I replace:


"?" = "%3F"

"$" = "%3D"

Thanks,

Marius

PS: While I was writing this post to you guys, I got my answer in the meantime but I'll leave it here for others in case they need it
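Standard percent-encoding (RFC 3986) applied to the two URI shapes in the post above, as an added example that is not part of the thread. The helper names are hypothetical, the `{name(type)}` placeholders are copied through untouched as in the post's own template, and whether the SUP MBO editor accepts a given form is not checked here.

```python
import re
from urllib.parse import quote, urlsplit

# MBO-style placeholders such as {bl(string)} must stay literal.
PLACEHOLDER = re.compile(r"(\{[^{}]*\})")

def encode_keeping_placeholders(text, safe=""):
    """Percent-encode text, leaving {placeholder} tokens as they are."""
    pieces = PLACEHOLDER.split(text)
    return "".join(
        p if PLACEHOLDER.fullmatch(p) else quote(p, safe=safe) for p in pieces
    )

def key_predicate_uri(entity_set, keys):
    """Single-entity URI: /Set(Key='..',Key2='..') with ( ) ' encoded."""
    predicate = ",".join(f"{prop}='{ph}'" for prop, ph in keys.items())
    return encode_keeping_placeholders(f"/{entity_set}({predicate})", safe="/=,")

def filter_uri(entity_set, keys):
    """Entity-set URI: only the $filter expression is encoded.

    '?' and '$filter=' stay literal because they are URI delimiters,
    not data; encoding them changes what the URI means.
    """
    expr = " and ".join(f"{prop} eq '{ph}'" for prop, ph in keys.items())
    return f"/{entity_set}?$filter=" + encode_keeping_placeholders(expr)

def query_of(uri):
    """Return the query component a server would see for this URI."""
    return urlsplit(uri).query

# Two of the five key properties from the post, to keep the output short.
KEYS = {"Gestionar": "{gestionar(string)}", "NrBorderou": "{bl(string)}"}

if __name__ == "__main__":
    print(key_predicate_uri("LivrareCollection", KEYS))
    print(filter_uri("LivrareCollection", KEYS))
    # With '?' encoded as %3F the whole string is path; there is no query.
    print(repr(query_of("/LivrareCollection%3F%24filter=x")))
    for ch in "?$= ":
        print(repr(ch), quote(ch, safe=""))
```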

agentry_src
Active Contributor
0 Kudos

Hi Marius,

It is really appreciated that you posted your solution!  Please mark the question with Correct/Helpful answers to those who guided you to your final results.  This will allow others to share the knowledge successfully.

Regards, Mike

SAP Rapid Innovation Group - RIG

Answers (2)

midhun_vp
Active Contributor
0 Kudos

After I fill the 2 edit-boxes, I go to the next screen and when I press the "Online request" button, I'm taken to the login screen again (I think due to the checkbox "Show credential screen on Authentication failure" of the button)

It is the normal behavior of the HWC app, when you make an online request only the authentication happens, when authentication fails the control goes back to the login screen.

In your case the login fails, Which are the credentials you are passing from mobile ?

What is the security configuration the app using ? The default security configuration is admin, you have to create a new security profile if you haven't done so in order to authenticate against the respective system, ex. LDAP or SAP or any other system. After creating security profile deploy the MBOs to this domain then you can pass the credentials and it works.

To know about available pre configured securities in SUP, http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc01703.0213/doc/html/aba12...

- Midhun VP

MariusStoica
Active Participant
0 Kudos

Hi Midhun,


Midhun VP wrote:


Which are the credentials you are passing from mobile ?

The credentials passed were for the GW system. The GW system has a trusted relationship with the Back-end system (for the moment). It seems that the application was expecting SUP credentials. If I get them right, the workflow closes (if I use Submit operations instead of Online request).


Midhun VP wrote:

What is the security configuration the app using ?

I'm using the default "admin". My knowledge in this domain is somewhat limited, is there a "How to guide" that I can follow to achieve LDAP security authorization / authentication?

Thanks,
Marius

midhun_vp
Active Contributor
0 Kudos

This might help you to do it.

http://scn.sap.com/thread/3436603

MariusStoica
Active Participant
0 Kudos

Ok. I'll get right on it ... it will take a while

Jitendra_Kansal
Product and Topic Expert
0 Kudos

Hi Marius,

A few things need to be checked:

1. Did you manage to check HTTP Basic Authentication as shown below:

     I have taken this pic from http://scn.sap.com/thread/3434663

In SUP, we have 2 pre-defined personalization keys, username and password which are nothing but runtime input to the MBO. It has to be set for each and every operations.

If you haven't done, do it and redeploy the MBO to SUP server.

2. As far as the design part is concerned, my understanding is when you pass backend username and password from device, validation occurs at start screen not at credentials screen (from your above screen designing)

what i want to say is:

After I fill the 2 edit-boxes, I go to the next screen and when I press the "Online request" button,

here, you change "Online Request" to "Submit". Once you pass credentials details in login page and press button, these login details will be cached and you will see Start screen at this moment. Once you request to MBO, at that time only validation will be done. If credentials are correct, you will be able to navigate to other screens otherwise would see an error.

Rgrds,

Jitendra

MariusStoica
Active Participant
0 Kudos

Hi Jitendra,

Thank you for your swift answer.

1. I have 0 (zero) operations to my MBO. All I do is pass the parameters and do everything in the back-end.

The only authentication screen that I have is where I define the "MBO":

Is it here where I am supposed to insert "username" and "password"? Does the MBO know that they are actually variables for the real user and password?

2. The user and pass that I want to pass to the app, is the GW user and pass.

     The reason why I have both starting points pointing to the Credential screen is that if I remove "Client-Initiated" from there, then I receive an error:

If I remove the "Credential request" starting point, I receive this error:

But ... one thing is certain .. when I enter the SUP user and pass, and I submit the workflow, I managed to find that it's what the application is waiting for (not the GW user and pass, which are wrong because I can't leave the credential screen with them) but I am not taken to the start screen. The workflow closes, and I see the "Workflows" screen with the current workflows assigned to the user.

I need to change something "What?" is the billion dollar question

Thanks,

Marius

midhun_vp
Active Contributor
0 Kudos

When you provide the SUP (SCC) admin credentials it works because the MBOs are deployed to the default admin profile and it is expecting the SUP credentials. As I mentioned in my previous post you have to configure any of the pre configured security profiles in order to authenticate against your NW gateway system.

You should have a client/server initiated starting point in your application. The credential request screen works independent of the starting points. When you run the app for the first time it takes you to the credential request screen, once you save the credentials it navigates to the client initiated starting point, it's the normal behavior of the HWC apps. What you are missing here is deploying the MBOs to the right security profile instead of using the default admin.

- Midhun VP

Jitendra_Kansal
Product and Topic Expert
0 Kudos

Hi Marius,

1. Yes, you are correct.

2. If you look at below flow screen, here what happens, once you pass/submit credentials, it will be cached in the device and next screen you will see on device would be "Start".

Make sure you deploy your mbo project to the HTTPAuthenicationModule security config before designing screen flow.

Rgrds,

Jitendra