Skip to end of metadata
Go to start of metadata

Table of Contents

Overview

If there are problems in the OAuth 2.0 Client's redirection endpoint, you could use the report SEC_TRACE_ANALYZER for troubleshooting. It should make it easier to find relevant error messages in the various trace logs.

The OAuth 2.0 Client's redirection endpoint is called in the authorization code flow by browser redirect from the authorization server (e.g. SAP HCP, MS Azure). This redirection is described in steps C and D in the article The OAuth 2.0 authorization code grant type.

The path to the redirection endpoint is /sap/public/bc/sec/oauth2/client/redirect .

 

TaskDescription
Connect to redirect server using SAP GUIStart a SAP GUI connection. Make sure that you are working on the server that is registered in the redirect URI in HCP. Use transaction SM51 to switch servers if you are working on a different server.

Start report SEC_TRACE_ANALYZER

in transaction SE38,
configure it as displayed and activate the user trace.

Enter the path /sap/public/bc/sec/oauth2/client/redirect in the field ICF Service.
Set the flag “Logon Trace …” and clear the flag “Record Requests”.

Then press “Activate User Trace” – this will start the trace.
Execute the authorization code flowExecute the authorization code flow as described in section "Request OAuth 2.0 Tokens".
Show the user traceSwitch back to the report SEC_TRACE_ANALYZER and press “Show User Trace”.
Successful execution

If the authorization code flow was executed successfully the trace tool should show the above picture. You can see detailed trace information expanding the result lines.

Proxy configuration

 

TaskDescription
Proxy configuration problem

If there is an error “Connect to … failed: NIEHOST_UNKNOWN” during executing the authorization code flow this indicates a problem with the proxy configuration.

Make sure that the proxy settings are configured correctly then as described in section "Configure Proxy settings".

SSL configuration

TaskDescription
SSL configuration problem

If there is an error “SSL handshake with … failed: SSLERR_PEER_CERT_UNTRUSTED (-102)” during executing the authorization code flow there is a problem with the SSL certificate.

Make sure that the SSL configuration is correct then as described in section "Configure SSL settings".

 

401 Unauthorized

TaskDescription
Client Authentication error during Access Token Request

If there is an error “401 Unauthorized” during executing the authorization code flow make sure that the client secret in the HCP and in the AS ABAP configuration is configured correctly.

426 Upgrade Required

TaskDescription
Client Authentication error during Access Token Request

If there is an error "426 Upgrade Required", please check note 2847004 - OAuth Client - OAuth 2.0 Authorization Server responds HTTP/1.1 426 Upgrade Required

  • No labels