SAP NetWeaver IdM REST API UI – calling POST method/example

 

I had a problem executing a POST method, after a new security requirement was added (the Virus Scan Interface has been enabled) within IdM REST Interface Version 2 to prevent XSRF attacks. So I had to execute a non-modifying request (GET, HEAD, OPTIONS) first, where the X-CSRF-Token header field has the value Fetch. And after I had the value from my first call in the X-CSRF-Token header field, I was able to execute a modifying request (POST…). Here is an example of how I do that:

    var xsrfTokenValue = "";
    var myData = new Object();

    // Step 1: non-modifying request that asks for a token with "X-CSRF-Token: Fetch".
    $.ajax({
        type: "GET",
        url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
        dataType: "json",
        async: false, // synchronous, so the token is stored before the POST below runs
        contentType: "application/x-www-form-urlencoded",
        headers: {
            "X-CSRF-Token": "Fetch",
            "X-Requested-With": "XMLHttpRequest"
        },
        success: function (res, status, xhr) {
            // The token comes back in a response header of the same name.
            xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");
        }
    });

    // Step 2: modifying request that sends the fetched token back.
    $.ajax({
        type: "POST",
        url: "http://host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}",
        dataType: "json",
        // jQuery serializes myData as a form-encoded body, so declare that type.
        contentType: "application/x-www-form-urlencoded",
        headers: {
            "X-CSRF-Token": xsrfTokenValue,
            "X-Requested-With": "XMLHttpRequest"
        },
        data: myData,
        async: false,
        success: function (data) {
        }
    });

Note:

  • The xsrfTokenValue variable stores the value of the X-CSRF-Token header (from the GET method).
  • In my headers I have all required IdM headers.
  • In myData (in my POST request) you can dynamically generate the object (the needed data sent back to IdM) that is sent with the POST method.
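
The exchange described above, with both sides modelled in memory, as an added example that is not code from the post or from SAP. The server logic, the session identifiers and the 403 status are assumptions made for illustration; it shows why a POST that lacks the session's token, or carries a token fetched in another session, is rejected.

```javascript
// Added example: in-memory model of the X-CSRF-Token handshake (not SAP IdM code).
const crypto = require("crypto");

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Hypothetical server: one token per session, issued only on a safe-method "Fetch".
function createServer() {
  const tokens = new Map(); // session id -> issued token
  return function handle(req) {
    const sent = req.headers["x-csrf-token"];
    if (SAFE_METHODS.has(req.method)) {
      const headers = {};
      if (sent === "Fetch") {
        tokens.set(req.session, crypto.randomBytes(16).toString("hex"));
        headers["x-csrf-token"] = tokens.get(req.session);
      }
      return { status: 200, headers };
    }
    // Modifying request: the header must equal the token bound to this session.
    const expected = tokens.get(req.session);
    const a = Buffer.from(String(sent || ""));
    const b = Buffer.from(expected || "");
    const ok = expected !== undefined && a.length === b.length &&
      crypto.timingSafeEqual(a, b);
    return { status: ok ? 200 : 403, headers: {} }; // 403 is an assumed status
  };
}

// Client: the two-step flow from the post, performed within one session.
function postWithToken(handle, session, url, data) {
  const fetched = handle({ method: "GET", url, session,
    headers: { "x-csrf-token": "Fetch" } });
  const token = fetched.headers["x-csrf-token"];
  return handle({ method: "POST", url, session, data,
    headers: { "x-csrf-token": token } });
}

// Constructed scenarios: legitimate flow, forged POST, token from another session.
function runDemo() {
  const handle = createServer();
  const url = "/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}"; // placeholder path
  const legit = postWithToken(handle, "session-A", url, { note: "sample" });
  const forged = handle({ method: "POST", url, session: "session-A", headers: {} });
  const other = handle({ method: "GET", url, session: "session-B",
    headers: { "x-csrf-token": "Fetch" } }).headers["x-csrf-token"];
  const crossSession = handle({ method: "POST", url, session: "session-A",
    headers: { "x-csrf-token": other } });
  return { legit: legit.status, forged: forged.status, crossSession: crossSession.status };
}
```

Calling `runDemo()` returns the status of each scenario; only the flow that fetched its own token succeeds.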

7 Comments


  1. Tim Malich

    Big Big Thanks!!!

    Btw: I’m using a proxy server for the CORS request and also had to set this config:

        Header set Access-Control-Expose-Headers "x-csrf-token"

    (0) 
  2. Rodrigo Monteiro

    I’m trying to access a REST service through JSONModel, but unfortunately I’ve had trouble.


    The error is:

    Additional information: The HTTP method 'OPTIONS' of the incoming request (with URI 'http://localhost:36172/RestServiceImpl.svc/token') is not allowed.


    The code is:

        var oModel = new sap.ui.model.json.JSONModel();
        var url = 'http://localhost:36172/RestServiceImpl.svc/token';
        var parameters = {};
        var headers = {};
        headers.Authorization = 'Access-Control-Allow-Origin: true';
        headers.setHeader = 'Accept: application/json';
        headers.setHeader = 'Content-Type: application/json';
        var parameters = 'username=wcorrea,password=123456,expiration=500';
        //var parameters = 'wcorrea,123456,500';
        oModel.loadData(url, parameters, false, "POST", false, "false", headers);


    Does anyone have an idea what’s going on?


    Tks

    Rodrigo

    (0) 
  3. Fernanda Marques

    Hi guys,

    I’m new to SAP IdM so I was wondering if you could help me. I could understand this code, but I don’t know how/where it is called on SAP. Can anybody tell me?

    From what I see, you provide the MSKEY and TASKID, but where?

     

    Many thanks in advance.

    (0) 
