Problem accessing S4Hana system when assessing via OAuth2Bearer Assertion authentication configure destination


Problem description

I've generated project via:

mvn archetype:generate -DarchetypeGroupId=com.sap.cloud.s4hana.archetypes -DarchetypeArtifactId=scp-cf-spring -DarchetypeVersion=LATEST

I included the S4Sdk jars and am accessing the S4Hana V2 API. The code works fine with Basic authentication, but when I configure the destination type as "OAuth2SAMLBEARER ASSERTION" I get the following error in the CF logs when accessing S4Hana APIs via .execute calls:

2018-09-07T06:37:22.728+0000 [APP/PROC/WEB/0] ERR   ... 1 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get access token for destination service.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:107)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:117)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:26)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   ... 26 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequestFailedException: Failed to get access token: no valid JWT bearer found in "Authorization" header of request.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.getCurrentJwt(TokenRequest.java:307)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.requestTokenWithUserTokenGrant(TokenRequest.java:348)

Note I've established trust between the S4Hana system and the subaccount, communication and business users are configured, principal propagation steps as specified in: https://blogs.sap.com/2018/02/05/deep-dive-8-with-sap-s4hana-cloud-sdk-leverage-principal-propagation-via-oauth-2-when-consuming-a-business-api-from-s4hana-cloud/

Please check and let me know if something else needs to be configured for this.

I tried creating the approuter via the blog suggested in the comments, but I'm getting an error deploying the approuter in CF:

2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > @sap/approuter@2.10.0 start /home/vcap/app
   2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > node approuter.js
   2018-09-07T20:01:25.50+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:25:497#+00:00#WARNING#/LoggingLibrary################PLAIN##Dynamic log level switching not available#
   2018-09-07T20:01:28.89+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:28:897#+00:00#INFO#/approuter################PLAIN##Application router version 2.10.0#
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR /home/vcap/app/lib/utils/JsonValidator.js:30
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     throw new VError('%s%s: %s',
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     ^
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR VError: environment-destinations/0/url: Format validation failed (URI must be absolute)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at JsonValidator.validate (/home/vcap/app/lib/utils/JsonValidator.js:30:11)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.validateEnvDestinations (/home/vcap/app/lib/configuration/validators.js:100:15)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at loadDestinations (/home/vcap/app/lib/configuration/env-config.js:55:14)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.load (/home/vcap/app/lib/configuration/env-config.js:20:28)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.module.exports.load (/home/vcap/app/lib/configuration.js:15:37)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at bootstrap (/home/vcap/app/lib/bootstrap.js:47:36)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Approuter.start (/home/vcap/app/approuter.js:58:13)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.<anonymous> (/home/vcap/app/approuter.js:115:6)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Module._compile (module.js:577:32)
   2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR     at Object.Module._extensions..js (module.js:586:10)
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Linux 4.4.0-133-generic
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! argv "/home/vcap/deps/0/node/bin/node" "/home/vcap/deps/0/bin/npm" "start"
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node v6.14.3
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! npm  v3.10.10
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! code ELIFECYCLE
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! @sap/approuter@2.10.0 start: `node approuter.js`
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Exit status 1
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! 
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Failed at the @sap/approuter@2.10.0 start script 'node approuter.js'.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Make sure you have the latest version of node.js and npm installed.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! If you do, this is most likely a problem with the @sap/approuter package,
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! not with npm itself.
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Tell the author that this fails on your system:
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR!     node approuter.js
   2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! You can get information on how to open an issue for this project with:
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR!     npm bugs @sap/approuter
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! Or if that isn't available, you can get their info via:
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR!     npm owner ls @sap/approuter
   2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! There is likely additional logging output above.
   2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! Please include the following file with any support request:
   2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR!     /home/vcap/app/npm-debug.log

Can you please help me here? I downloaded the approuter from the link suggested in the blog.

Recommended answer

The issue was solved by having the app router send the JWT token to the Java application. There is a set of files like xs-app.json that needs to be configured with the correct regular expression for the map to destinations created in manifest.yml of your app router. The specific destination created in the manifest should point to your Java service with "forward-token: true".

Apart from this, your XSUAA service instance created should have proper auth scopes defined in xs-security.json as required by your application.

For the above error, if we call the Java service with the bearer token as received from the app router, it works fine. You can also access the app directly from the app router by configuring a proper regex in xs-app.json.
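
A preflight check for the configuration this answer describes, as an added example that is not part of the original answer or of SAP's code. It assumes the app router reads a JSON `destinations` variable from manifest.yml and that `forwardAuthToken` is the property behind the answer's "forward-token: true"; the function name, hosts and sample values are constructed.

```javascript
// Added example. All names, hosts and values are constructed for illustration.
function checkApprouterConfig(destinationsEnv, xsApp, tokenConsumers) {
  const problems = [];
  const byName = new Map();
  JSON.parse(destinationsEnv).forEach((d, i) => {
    byName.set(d.name, d);
    let url = null;
    try { url = new URL(d.url); } catch (e) { /* relative or malformed */ }
    if (!url || !/^https?:$/.test(url.protocol)) {
      problems.push(`destinations/${i}/url: URI must be absolute`);
    } else if (d.forwardAuthToken === true && url.protocol !== 'https:') {
      problems.push(`destinations/${i}: JWT would be forwarded over plain HTTP`);
    }
  });
  // Services that expect the user's JWT must be destinations that forward it.
  for (const name of tokenConsumers) {
    const d = byName.get(name);
    if (!d) problems.push(`${name}: no such destination`);
    else if (d.forwardAuthToken !== true) problems.push(`${name}: forwardAuthToken is not true`);
  }
  (xsApp.routes || []).forEach((r, i) => {
    try { new RegExp(r.source); } catch (e) {
      problems.push(`routes/${i}/source: invalid regular expression`);
    }
    if (r.destination && !byName.has(r.destination)) {
      problems.push(`routes/${i}: unknown destination ${r.destination}`);
    }
    // An unauthenticated route never obtains a JWT, so nothing can be forwarded.
    if (tokenConsumers.includes(r.destination) && r.authenticationType === 'none') {
      problems.push(`routes/${i}: authenticationType none, no JWT to forward`);
    }
  });
  return problems;
}

// Constructed sample: value of the "destinations" variable in the app router's manifest.yml.
const goodEnv = JSON.stringify([
  { name: 'app-destination', url: 'https://java-app.example.com', forwardAuthToken: true },
]);
// Constructed failing case: URL without a scheme and no token forwarding.
const badEnv = JSON.stringify([{ name: 'app-destination', url: 'java-app.example.com' }]);
// Constructed sample xs-app.json: every path is mapped to the Java service.
const xsApp = {
  routes: [{ source: '^/(.*)$', target: '$1', destination: 'app-destination' }],
};

console.log(checkApprouterConfig(goodEnv, xsApp, ['app-destination']));
console.log(checkApprouterConfig(badEnv, xsApp, ['app-destination']));
```

The first failing message mirrors the `URI must be absolute` validation error in the question's app router log; the second corresponds to the `no valid JWT bearer found` error the Java service raises when no token reaches it.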
