on 04-09-2016 12:20 AM
Hello Experts,
We have a use case wherein we have an iOS native app that connects to HCP mobile services, which connects to a back-end ECC system (say ERP) via HCP mobile services and HANA Cloud Connector (HCC).
App -> HCPms -> HCC -> OData_SRV -> ERP.
We are able to do a GET with and without authentication. This works!!
However, to perform a PATCH operation from the native app, we get an error "CSRF Token needed".
But PATCH works within SAP Gateway if we use tcode /IWFND/GW_CLIENT.
For authentication, we are using HCP default identity provider (SAP ID) and HTTP Basic Auth. (and this works too). For backend ECC system we use SAP backend user for identity management.
What is the correct way to configure Cloud connector + backend ECC systems so that we can execute PATCH/update?
Any pointers will be highly appreciated!!
regards
Akshay
Hi Akshay,
The SAP Gateway Client is providing you the CSRF token automatically so that you, as a developer testing the service, don't have to bother to get it yourself.
An OData client has to retrieve the CSRF token via a GET request using the HTTP header "X-CSRF-Token" with the value "Fetch".
See the following thread for more details.
Best Regards,
Andre
Hi Andre,
Thanks a lot for the quick response.
I tried what was mentioned there. When I do a GET, I get the values of the entity, but I am getting a blank token.
Is there some setting that needs to be maintained at the OData service level or the OData service node level? Currently, if I go to tcode SICF and navigate to the service -> GUI configuration, we have set the variable CHECK_CSRF_TOKEN = 0. I tried changing it to 1, but that didn't work either.
Please refer to the attachment.
Regards,
Akshay
Hi,
Actually, HCPms should not mess with this token and should just proxy it through. So could you please verify that the same request, directly against your OData service, is generating the token?
In the past we had observed funny things, like case-sensitive headers while fetching the token:
X-CSRF-TOKEN != x-csrf-token
The same is true for the header value:
FETCH != fetch != Fetch
Hope this brings you on the right track.
Regards,
Martin
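Added example, not part of any post in this thread: the two-step exchange discussed above (GET with `X-CSRF-Token: Fetch`, then PATCH carrying the returned token), run against a small local mock. The mock server, the function names, the token and cookie values, and the mock's rules (exact match on the header value, token accepted only together with the session cookie) are assumptions constructed for illustration, not SAP or HCPms code.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN, COOKIE = "constructed-token", "SESSION=constructed"  # constructed values

class MockGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for a CSRF-protected OData service."""
    def _reply(self, status, headers=()):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        # Name lookup is case-insensitive; value compared exactly (assumption)
        fetch = self.headers.get("X-CSRF-Token") == "Fetch"
        self._reply(200, [("X-CSRF-Token", TOKEN), ("Set-Cookie", COOKIE)] if fetch else [])
    def do_PATCH(self):
        ok = (self.headers.get("X-CSRF-Token") == TOKEN
              and self.headers.get("Cookie") == COOKIE)
        self._reply(204 if ok else 403, [] if ok else [("X-CSRF-Token", "Required")])
    def log_message(self, *args):
        pass  # keep the demo quiet

def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockGateway)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def request(port, method, headers):
    """Send one request; return (status, X-CSRF-Token, Set-Cookie) of the response."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/Entity('1')", headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("X-CSRF-Token"), resp.getheader("Set-Cookie")

def patch_with_token(port, fetch_value="Fetch"):
    """Fetch a token with GET, then replay token and cookie on the PATCH."""
    _, token, cookie = request(port, "GET", {"X-CSRF-Token": fetch_value})
    if not token:
        return None  # blank token: nothing valid to send with the PATCH
    return request(port, "PATCH", {"X-CSRF-Token": token, "Cookie": cookie})[0]

if __name__ == "__main__":
    srv = start_mock()
    print(patch_with_token(srv.server_address[1]))
    srv.shutdown()
```

Running the same `request` calls once against the service directly and once through the proxy path shows which hop drops or alters the token header.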