WebIDE testing error with custom IdP

Former Member
0 Kudos

Hi,

I have configured a custom IdP and set the required custom role as explained in the documentation. WebIDE seems to work perfectly; however, when I try to run a SAPUI5 app from WebIDE, it correctly redirects to my IdP for authentication, but after a successful auth I get the error HTTP Status 403 - Forbidden instead of the app.

Is there anything else that I need to configure so that it works?

Accepted Solutions (0)

Answers (1)

sascha_scholz
Explorer
0 Kudos

Hi,

Do you have a security constraint configured in your app? The default role assignment for such is the AccountDeveloper role. If you use SAP ID Service, then this role is automatically populated with HCP account members. With a custom IdP configuration, this is not possible. You could assign a different existing HTML5 Applications shared role or create a new one. If you name it AccountDeveloper, then you can skip the role assignment also for other security constraints.

For more information, see https://help.hana.ondemand.com/help/frameset.htm?d128e6796cf94bb187d4bbf69419e2f5.html

Sascha

Former Member
0 Kudos

Hi,

I didn't have any security constraints defined, but I tried a few as stated in the docs, to skip the authentication and I still receive the 403 error.

My deployed HTML5 apps, however, work perfectly without me changing anything regarding roles or permissions (or security constraints, they have none). I even published this app to HCP, and there it works perfectly, without me changing anything.

So it seems that only the apps that are run from within WebIDE have this issue.

PavelPenaz
Product and Topic Expert
0 Kudos

Dear experts, I did some testing with Istvan's team and it appears that this can be reproduced by taking the following steps:

1. Use SAP Cloud Identity tenant

2. Provision a user: "abcd|somethinghere" in the SAP Cloud Identity

3. Configure SAML auth in HCP Cockpit against the SAP Cloud Identity tenant

4. Assign the user to the Web IDE role in HCP cockpit

5. Access the Web IDE (login succeeds)

6. Create a Quick Start SAP UI5 project

7. Click "Run / Preview"

8. Web IDE Preview returns Access Forbidden

The issue seems to be caused by the "|" character in the username of the authenticated user. Other usernames work just fine.

Is the "|" character unsupported for usernames? Is this a known issue?

Many thanks.

Pavel