Hi Matt,

Thanks for consolidated links

As a first step I want to use the REST service and to access the Service Document and Service Metadata Document.

For that i tried to follow from below link topic Security - > Authentication and Authorization

SAP NetWeaver Identity Management REST Interface Version 2 - SAP Library

My understanding is the UME IdM user should have below

◦Necessary UME actions (idm_authenticated and the idm_authenticated_restapi)

◦Better performance with single sing-on with logon tickets (ticket authentication template)

In our environment i could find idm_authenticated action and also some relevant below but not the other (idm_authenticated_restapi)

I tried to assign all above to a user and login to  http://<hostname>:<port>/idmrest/ but still gives me forbidden error.

Is something missing in our environment ?

Thanks,

Karthik

Thanks Keith for quick response.

Yes. My bad We don't have REST V2 deployed. Ours is SAP NW IDM 7.2 SP7.

From section 'Deploying the REST Interface Version' i could see prerequisite as SAP NetWeaver Identity Management Identity Center 7.2 SP8 so the document may not applicable for us.

I had a quick look at SAP NetWeaver Identity Management Identity Cent... | SCN and will check for any info available on XSRF token missing  or authorization applicable for our environment.

I have read through the SAP note 1806098 - Unauthorized Use of Application Functions in REST Interface as mentioned in https://scn.sap.com/docs/DOC-26747 under security and i tried the following

I have set property v72alpha.security.xsrf.disable_token_based_protection  as true and restarted the tc~idm~jmx~rest~app application but still i keep getting 403 error when i try to login using 'Administrator' credential to http://<hostname>:<port>/idmrest/

Something else am i missing ?

I noticed 'RegIForbiddenUrl' has been mentioned in the note for other possible limiting access but i don't know where should i exactly look out for it.

Hi Karthik,

Check my blog http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode..., I had similar problem with the REST Interface for version 2.

I hope this will help,

Simona

Hi,

I executed the steps as mentioned in the link  and it worked like a charm.

Then I tried to follow your blog (http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode...) for 'POST' request.

I just tried to run it as is using chrome browser and was getting 401 unauthorized exception along with below

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

It looks something related to cross domain as i am trying to access it from different server. So i changed the datatype to jsonp and able to overcome the authorization issue.

But the modify request (POST) doesn't seem to work yet.

......

xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");

alert(xsrfTokenValue);

......

xsrfTokenValue is returning as 'null' here.

I am not sure where i am going wrong. I tried changing different headers but it doesn't seems to help.

Then I used Fiddler to check whether i could read x-csrf-token and that works perfectly fine when i pass on below headers

Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx

ACCEPT: text/plain; charset=utf-8

Content-Type: application/x-www-form-urlencoded

x-csrf-token: FETCH

But here also i am again stuck up with while trying POST request (after fetching x-csrf-token)

Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxx

Content-Type: application/x-www-form-urlencoded

x-csrf-token: yyyyyyyyyyyyyyyyyyy

It gives me 403 error again.

Thanks,

Karthik

Hi Karthik,

   I had a similar problem, please check my discussion about it: http://scn.sap.com/message/14841449#14841449

BR,

Simona

Thanks Simona !

I could able to overcome the auhtorization problem now. I made it as an EAR file and deployed at the server, Now able to fetch xsrfTokenValue.

I am just step away from making a post request successfully. I used your code exactly http://scn.sap.com/community/idm/blog/2014/05/26/sap-netweaver-idm-rest-api-ui--calling-post-methode... with script source jquery1.9.1.

I am now getting 400 bad request error (at jquery-1.9.1.min.js:5.)

May be the data format i am passing is wrong ?

I was initiating it like below

var myData = {MX_FIRSTNAME:"test"}

Hi Karthik,

  You can try this:

var myData= new Object();

myData[MX_FIRSTNAME] = "test";

or

var myData = {"MX_FIRSTNAME":"test"}

and then pass myData with the POST call data:myData

BR,

Simona

For

var myData= new Object();

myData[MX_FIRSTNAME] = "test";

I am getting Uncaught ReferenceError: MX_FIRSTNAME is not defined

For

var myData = {"MX_FIRSTNAME":"test"};

Getting BAD request error at the below lines in jquery-1.9.1.min.js

try{
for(s in i)
u.setRequestHeader(s,i[s])
}
catch(l){}
u.send(n.hasContent&&n.data||null)

Is some problem with the version of jquery i am using ?

Hi Karthik,

  Check into your IdM task used for the POST call, if the attribute - MX_FIRSTNAME is defined there.

BR,

Simona

Thanks Simona.

Actually i have included the MX_FIRSTNAME attribute but missed to select Entry Type (MX_PERSON) in the task.

Now finally could able to do successful POST request