on 01-31-2014 10:06 AM
Hi,
I am exploring to build a simple custom UI with the help of identity managment REST API interface. I am using SAP NW IDM 7.2 SP7.
I found couple of rest api interface docs and code samples but not sure where to start with 🙂 May be steps to setup the environment or a simple client to connect from SAP Netweaver Developer Studio would be helpful.
Also i tried to access below URL from browser but it gives 403 forbidden error
http://<hostname>:<port>/idmrest/
Any authentication settings need to be changed for this from NWA ?
Thanks,
Karthik
Take a look at these articles from :
http://scn.sap.com/community/netweaver-idm/blog/2013/07/08/sapui5-and-id-mgmt--a-perfect-combination
These SAP documents might help as well:
SAP NetWeaver Identity Management REST Interface Version 2 - SAP Library
SAP NetWeaver Identity Management Identity Cent... | SCN
That might help you move in the right direction.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
Thanks for consolidated links
As a first step I want to use the REST service and to access the Service Document and Service Metadata Document.
For that i tried to follow from below link topic Security - > Authentication and Authorization
SAP NetWeaver Identity Management REST Interface Version 2 - SAP Library
My understanding is the UME IdM user should have below
◦Necessary UME actions (idm_authenticated and the idm_authenticated_restapi)
◦Better performance with single sing-on with logon tickets (ticket authentication template)
In our environment i could find idm_authenticated action and also some relevant below but not the other (idm_authenticated_restapi)
I tried to assign all above to a user and login to http://<hostname>:<port>/idmrest/ but still gives me forbidden error.
Is something missing in our environment ?
Thanks,
Karthik
Hello Karthik,
Maybe you have not deployed the REST v2 SCA file? Please refer to section 'Deploying the REST Interface Version 2'.
Also for the 403 error, it may be caused by XSRF token missing or missing authorization. See also section 'Cross-Site Request Forgery Protection' under security.
Hope it helps.
BR, Keith
Thanks Keith for quick response.
Yes. My bad We don't have REST V2 deployed. Ours is SAP NW IDM 7.2 SP7.
From section 'Deploying the REST Interface Version' i could see prerequisite as SAP NetWeaver Identity Management Identity Center 7.2 SP8 so the document may not applicable for us.
I had a quick look at SAP NetWeaver Identity Management Identity Cent... | SCN and will check for any info available on XSRF token missing or authorization applicable for our environment.
Hi Karthik,
Yes, then you may try with the old REST API as following guide:
https://scn.sap.com/docs/DOC-26747
Good luck
BR, Keith
I have read through the SAP note 1806098 - Unauthorized Use of Application Functions in REST Interface as mentioned in https://scn.sap.com/docs/DOC-26747 under security and i tried the following
I have set property v72alpha.security.xsrf.disable_token_based_protection as true and restarted the tc~idm~jmx~rest~app application but still i keep getting 403 error when i try to login using 'Administrator' credential to http://<hostname>:<port>/idmrest/
Something else am i missing ?
I noticed 'RegIForbiddenUrl' has been mentioned in the note for other possible limiting access but i don't know where should i exactly look out for it.
Hi Karthik,
Check my blog http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode..., I had similar problem with the REST Interface for version 2.
I hope this will help,
Simona
Hi,
I executed the steps as mentioned in the link and it worked like a charm.
Then I tried to follow your blog (http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode...) for 'POST' request.
I just tried to run it as is using chrome browser and was getting 401 unauthorized exception along with below
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
It looks something related to cross domain as i am trying to access it from different server. So i changed the datatype to jsonp and able to overcome the authorization issue.
But the modify request (POST) doesn't seem to work yet.
......
xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");
alert(xsrfTokenValue);
......
xsrfTokenValue is returning as 'null' here.
I am not sure where i am going wrong. I tried changing different headers but it doesn't seems to help.
Then I used Fiddler to check whether i could read x-csrf-token and that works perfectly fine when i pass on below headers
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx
ACCEPT: text/plain; charset=utf-8
Content-Type: application/x-www-form-urlencoded
x-csrf-token: FETCH
But here also i am again stuck up with while trying POST request (after fetching x-csrf-token)
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/x-www-form-urlencoded
x-csrf-token: yyyyyyyyyyyyyyyyyyy
It gives me 403 error again.
Thanks,
Karthik
Hi Karthik,
I had a similar problem, please check my discussion about it: http://scn.sap.com/message/14841449#14841449
BR,
Simona
Thanks Simona !
I could able to overcome the auhtorization problem now. I made it as an EAR file and deployed at the server, Now able to fetch xsrfTokenValue.
I am just step away from making a post request successfully. I used your code exactly http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode... with script source jquery1.9.1.
I am now getting 400 bad request error (at jquery-1.9.1.min.js:5.)
May be the data format i am passing is wrong ?
I was initiating it like below
var myData = {MX_FIRSTNAME:"test"}
For
var myData= new Object();
myData[MX_FIRSTNAME] = "test";
I am getting Uncaught ReferenceError: MX_FIRSTNAME is not defined
For
var myData = {"MX_FIRSTNAME":"test"};
Getting BAD request error at the below lines in jquery-1.9.1.min.js
try{
for(s in i)
u.setRequestHeader(s,i[s])
}
catch(l){}
u.send(n.hasContent&&n.data||null)
Is some problem with the version of jquery i am using ?
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.