Well, we've finally cracked the case! I had some help of my fellow enthousiasts at Mendix. The problem is that when the SAP Gateway server returns the call, all metadata (uri etc) is provided in full. This can't be filtered, it is just how it is and sometimes to much. Lets look at the basic call (build up from the global variable and some string concatenations) to get some kind of list (pseudo code, but you get the idea)
https:\\serveraddress\sap\opu\someservice\myentitySet
Based on that we get a list of entities. They have associations with some “otherentity”. To call this, the gateway server returns
https:\\serveraddress:port\sap\opu\someservice\myentityset(keyofentity)\to_otherentity
Put it into the browser, all works fine. Put it through Mendix, it returns an 403 error. It looks like the browser "removes” the port part of the uri. Therefor it works on the browser. Mendix doesn't, therefor the call goes wrong (I'll post that as an idea as well to fix it :-) )
I finally decided to, before I call the to_deferred part of the entity, remove the port part in the URI. Execute → Result! Works fine!
I'll try to create a java action for this (myfirstmendixjavaaction) and will use it within my project. This action will somehow remore the :port part in the uri and call it like that. Not sure if I can make it fully bulletproof but if will do for now!
Hope this helps a little. Removing the :port part solved the issue.
All the best and thanks again to my Mendix colleagues for their help!
Laurens