SAP OData and cloud connector

1
Hi all, I am trying to consume an SAP OData service in a Mendix application. I am getting a 403 error - Access denied to the system. Resources are not exposed correctly in the SCC. And the XSUAA token is not generated for the Mendix user. But in my cloud connector the resources are reachable and we are able to consume them in other applications. So why is Mendix unable to use those resources? Are there any configurations I need to do further? Kindly let me know the further steps. Thanks, Thilagavathi
asked
11 answers
1

Hi Thilagavathi,

 

Could you give us a bit more information regarding your application and how you have produced this error? Have you tried to get your XSUAA token?

In order to work with your cloud connector, you need to have an XSUAA token for your users.

Here is some documentation regarding the SAP cloud connector, which is the connector that we use to connect to your cloud connector:

https://docs.mendix.com/refguide/sap/sap-cloud-connector

Here is the documentation regarding the steps that you need to take in your Mendix app to use our XSUAA connector to get an XSUAA token:

https://docs.mendix.com/howto/sap/use-sap-xsuaa-connector

Here is a step that you also need to take to connect your users in your IdP to the roles and scopes of your Mendix application:

https://docs.mendix.com/refguide/sap/sap-xsuaa-connector

 

answered
0

Sorry Thilagavathi,

I didn't notice you have replied.
Have you tried to set the log levels of the connector to Trace to see if you receive any specific error? When you are trying to log in, do you get the page with a button that says login with your XSUAA account? Does that work without problem? That should generate your XSUAA token.
Could you explain the set of steps that you're taking at the moment?

answered
0

Hi Mehran,

Thanks.

Actually I bypassed that page using this code.

Not sure why the token is not getting generated.

PFB logs:

Kindly let me know if there are any other things I need to check.

Regards

Thilagavathi

answered
0

So as far as I'm seeing, you're not triggering the login.html.

You are allowing anonymous users for your application and because of that, you are not prompted with the login page in the first place and you get redirected to your homepage directly.

The problem is that then you're not able to use the XSUAA module to authenticate against your backend system.

So could you try navigating to your project security page and block anonymous users from accessing your app?
Alternatively, you could also go manually to the login page by adding /login.html at the end of your application URL.

If you then log in with your XSUAA account, you shouldn't have this issue any longer.

answered
0

Hi Mehran,

Thank you.
I blocked anonymous access to my app.
As you said, I am getting that login page for giving my XSUAA account, but the problem is "user whomever I'm entering here is passed as anonymous only".

I changed my access right settings in my Administrator.account entity also. But it is still not working.

Kindly let me know if I'm wrong.

answered
0

You need to explain a bit more on how you're getting this error, Thilagavathi. What action did you take before it and what were you expecting the result to be?

Looking at your screenshot, the issues that you're having are both security issues. You are either missing some permissions on the entity accesses on the Administration.Account and the MxObject, or you have created the entity accesses correctly but haven't mapped all of them to your application's user and admin roles on the security -> user roles tab.

answered
0

Hi all,

I have checked the security settings of the Account entity. It has access for creating objects for all user roles.

As per the Mendix docs, I understood that the role assigned to that user in SAP Cloud Platform will be mapped to the underlying user roles in Mendix. (Correct me if I'm wrong.)

PFB logs

As per my previous question, I am still getting the same security error. Kindly let me know the next steps.

Thanks in advance

answered
0

Hi all,

I have restricted the access of anonymous users as per the suggestions.

But the problem is that whichever SAP credentials are passed to generate the XSUAA token are taken as the Anonymous user in the Mendix application.

But as per the Mendix docs: They will be assigned to the roles in the Mendix application based on the scopes they have received from the XSUAA service. The scopes are defined by the mapping between the role templates and the role collections.

This role assignment is not happening, I guess.

As mentioned before, I'm still facing the administration entity security error. (I have checked the entity access rules... it is fine.)

PFB logs for the XSUAA generation and warnings faced:

 

Kindly let me know the next steps and correct me if my understanding is wrong.

Thanks

 

 

answered
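
A diagnostic sketch for the scope-to-role question raised above, added here as an example and not code from the thread, Mendix or SAP: it decodes an XSUAA access token's payload and lists which application scopes match the app's user role names. It assumes scopes arrive in the `scope` claim as `<xsappname>.<role name>` and that role names are matched by name; the xsappname, role names and tokens are constructed.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def match_roles(token, xsappname, app_roles):
    """Compare the token's application scopes with the app's user role names."""
    claims = jwt_claims(token)
    prefix = xsappname + "."
    # Assumption: application scopes look like "<xsappname>.<role name>".
    local = [s[len(prefix):] for s in claims.get("scope", []) if s.startswith(prefix)]
    matched = sorted(s for s in local if s in app_roles)
    return {
        "user": claims.get("user_name"),
        "matched": matched,
        "unmatched": sorted(s for s in local if s not in app_roles),
        "no_role": not matched,  # no scope matches any app role name
    }

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

APP_ROLES = {"User", "Administrator"}   # hypothetical Mendix user roles
XSAPPNAME = "mendixapp!t1"              # hypothetical xsappname

BAD = make_sample_token({"user_name": "t.user@example.com",
                         "scope": ["openid", "mendixapp!t1.Viewer"]})
GOOD = make_sample_token({"user_name": "t.user@example.com",
                          "scope": ["openid", "mendixapp!t1.User"]})

if __name__ == "__main__":
    for name, tok in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, match_roles(tok, XSAPPNAME, APP_ROLES))
```

A token whose result has `no_role` set points at the role template / role collection mapping rather than at entity access rules.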