Skip to Content
Technical Articles
Author's profile photo Vamsi Krishna Chintharlapalli

Step By Step PI\PO Mail Adapter OAuth 2.0 Configuration with Office365


Step By Step PI\PO Mail Adapter OAuth 2.0 Configuration with Office365

  1. Prerequisites
  2. Azure Side setting
  3. PI\PO Mail Adapter side settings

In the current PI Mail adapter, it supports only Basic Authentication in Microsoft Exchange Online. From October 2020 onwards, Microsoft has decided to end the support of Basic Authentication Mode and only support OAuth 2.0 Authentication Mode. For more details refer the below link (published in September 2019) :

https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/

Recently, Microsoft has decided to postpone disabling Basic Authentication in Exchange Online for those customers still actively using it until the second half of 2021. In the meantime, Microsoft will continue to disable Basic Authentication for newly created tenants by default.  Starting in October 2020 they will also start to disable Basic Authentication in tenants that have no recorded usage. This means that applications that are using Basic Authentication to connect to Exchange Online might face authentication failures when adopted by a customer who is new to Exchange Online or has not used Basic Authentication applications before.

For more details refer the below link (published in April 2020) :

https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online/

 

1.Prerequisites

Microsoft Azure:

  1. If you want to connect PI\PO to Office 365 with OAuth 2.0, you need a directory/tenant in Microsoft Azure Active Directory.
  2. You need a User which has required permissions and subscription in Azure Active Directory( like Administrator or Developer role).
  3. You need a User with a subscription to access the “Mail Account” in office365. Please check whether the mail flow (outgoing \ incoming) is working.

SAP NetWeaver PI\PO :

  1. You need the SAP PI\PO system along with Developer or Admin roles to the PI user. If you have an admin role then, you can make all the necessary configurations, without any issue.
  2. This feature is available in 7.50 SP17 onwards. In this blog, I will be referring to SP21 because caching of refresh and access token feature is enabled from SP21 onwards.
  3. As Office365 is in the cloud, you have to check with your network team whether the port 993(sender side)/587(receiver side) is open. If it is not open then the connectivity will not happen from the Mail adapter.

 2. Azure Side settings:

  1. App Registration
  2. Client Secret
  3. API Permissions
  4. Redirect URL & Copy Endpoint

 

Note: Depending on organisational limits, you may not have access to Azure \ Office365. In this case you can request your Exchange Administrator to setup the below configurations.

You need below parameters to configure OAuth with  PI\PO Mail Adapter.

  • OAuth User ( Office365 user)
  • Client ID
  • Tenant ID
  • Client Secret

 

1)App Registration

a)Open the Microsoft Azure link : https://portal.azure.com/#home

 

b) Select App registrations (or from Manage Azure Active Directory->View-> Manage(on left)-> App registrations.

 

c)Once you open App registrations you can create new registrations or see existing ones.

 

d) Now you can register an application on this page depending upon your account type. In my case I am using a single tenant. Next-> Click on register.

 

e) Once you register you can verify the same, by checking in owned applications under the registered app.

f) Click on your registered application and check the below parameters need for further details :

Application (client) ID   : XXXXXXXXXXXXXXXXXXXXXXX

Object ID                      : XXXXXXXXXXXXXXXXXXXXXXX

Directory (tenant) ID    : XXXXXXXXXXXXXXXXXXXXXXX

 

2) Client Secret

 

a) We need this client secret for OAuth 2.0 authentication(which is also configured in mail adapter communication channels), For this  you need to create a new client secret in your App.

b) Open your application -> Click on “Certificates & Secrets” (on left) -> click on “New Client Secret”.

 

 

 

 

c) Once you provide all the required details, the client secret will be created successfully.

Note: The client secret will only visible during the time of creation. For your usage copy and save it in a secure area. This will be required while configuring the mail channels.

 

3)API Permissions

a) You need to give API permission to authorise the PI Application to access Azure.

b) Open the App registration -> Click on “API Permission”(on left side) -> Click on “Add a Permission” -> Microsoft APIs -> Select Microsoft Graph

c) Depending on the business requirement, you can select the required API permission. In my case-study, as it is a test system, I have selected the below permissions:

 

 

4)Redirect URL&Copy Endpoint

a) In the first step, the generated authorization code will be sent back to the PI application via Redirect URL. Hence we have to define the required redirect URI in Azure. This redirect URI is used internally for PI processing.

b)Open Application -> Click on Redirect URLs in Essentials -> Under “Web” you can add the required redirect URL by clicking on “Add URI”.

 

 

c) Contact your PI/PO developer or consultant while defining the REDIRECT URI in Azure Directory. It should be in-line with the mail adapter channel configuration.

d) Use the channel configuration to fill all the details(like Party, Service and Channel) to create a redirect URI in Azure Portal. Here is the format for your reference :

“https://<host>:<https-port>/ XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Business Component\Communication Component>”

e) Once you have completed all the above settings copy the end point details as mentioned below :

 

 

Share the below details to your PI\PO Developer or Consultant.

  • OAuth User( Office365 user)
  • Client ID
  • Tenant ID
  • Client Secret
  • Endpoint URLs

 

 

 

 

3.PI\PO Mail Adapter side settings

 

  1. Sender Side configuration
  2. Receiver Side Configuration

 

PI\PO Mail Adapter will support OAuth 2.0 based authentication(with Office365)on both sender and Receiver side.

Use IMAPS / 993 (port) in the URL.

SMTPS / 587 (port) in the URL.

 

1) Sender Channel configuration

As mentioned earlier you need to get the below parameters to configure them in mail sender adapter communication channel.

  1. URL
  2. OAuth User( Office365 user)
  3. Client ID
  4. Tenant ID
  5. Client Secret

Follow the below steps while configuring the mail sender channel :

a)Configure sender channel as given below :

 

b)Once you save and activate the channel, create Redirect URL as per the below format :

“http://<host>:<port>/ XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”

Provide this to Azure administrator to use while adding Redirect URl ( Please      Refer: 2. Azure Side settings ->4) Redirect URL & Copy Endpoint)

You have to encode the Redirect URI  else you will face “URL specified request does not match” error while generating the refresh token.

c)Once the Redirect URI is updated in the Azure portal, proceed to generate tokens(refresh/access) with the below URL

“https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>”

Required Scope for Sender side : “https://outlook.office365.com/IMAP.AccessAsUser.All”

d) Once you execute the above URL, Check the result in the browser itself.

 

Note: These tokens are generated with the help of authorization code, which is generated while executing the above URL(in the background). After successful generation of the tokens, they will be stored in cache. While executing the URL, you will be required to provide the login details of Azure(First) and  PI/PO (next).

 

 

2)Receiver Side Configuration

Follow the same steps(as mentioned for Sender side Configuration)  and use SMTP protocol to send mails to Office365 via OAuth 2.0 authentication.

Required Scope for Receiver side: https://outlook.office365.com/SMTP.Send

 

The above steps will help you to configure PI\PO Mail Adapter with OAuth 2.0 authentication with Office365.

You can refer to the SAP Note & documentation below for more information.

Note: 3021526 , 2928726 

SAP NetWeaver 7.5 – SAP Help Portal

https://blogs.sap.com/?p=1513724

 

 

Additional Information:

Note1: In case of multi server environment, the OAuth tokens stored in the Cache are not retrieved properly. This leads to failure of the scenario during the runtime (error being: Refresh token has to be generated again)

Solution: Please apply the patch as present in this note (  3169585 ). After applied while generating the refresh token the value of the token is displayed on the screen( You can copy the token value) ,  Additionally a new “Additional Parameter” (as shown in the below screenshot) is added for the mail sender channel with the name as ‘IMail.refreshToken’ and the value of refresh token should be stored with this parameter in the mail sender channel (Make sure you include double quotes in your token)

eg: if the value of refresh token as displayed on browser is 0.ALSKDHLAKSYOQEW…..alsdll, then in channel add following value “0.ALSKDHLAKSYOQEW…..alsdll”).

 

Note2From SP24 onwards once refresh token generated successfully no need to generate it again, If you generate you will get exception like below, Existing token will be available as per the time line.

Key ID **************************************_Refresh already exists in database: com.sap.sql.exception.OpenSQLIntegrityConstraintViolationException: ORA-00001: unique constraint (UNKNOWN.obj#=*********) violated

OpenSQLExceptionCategories: [NON_TRANSIENT, INTEGRITY_CONSTRAINT_VIOLATION]

3165141 – New F: Issue with access\refresh token in multi server nodes environment in Mail( OAuth) (sap.corp)

 

 

 

Assigned Tags

      89 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Venkatesulu Guruvappa
      Venkatesulu Guruvappa

      Hi Vamsi,

      Good info Vamsi.. i have followed the same for my Oauth implementation in my project. it worked as per your guidelines. Thanks a lot 🙂

       

      Regards

      Venky

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      If you facing an error like  “Peer Certificate error” while generating the refresh token then, please follow the below steps :

       

      • Download the below certificates from Microsoft site
        • BaltimoreCyberTrustRoot.crt
        • DigiCertGlobalCAG2 (1).crt
        • DigiCertGlobalRootCA.crt
        • stamp2.login.microsoftonline.com.crt
      • Please import all the certificates under TrustedCAs view(in NWA page) one by one with X509 category, You can see in browser site view information.
      • Try generating the refresh token again. It will be successful
      Author's profile photo Joseph Li
      Joseph Li

      Hi Vamsi

      How often does the token expire? Mine seems to be expiring pretty quick. Would this be a configuration at the MS or SAP end?

      Regards

      Joseph

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Joseph,

      As per Microsoft token will expire in 90 days, Check the below link may help you.

      https://docs.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens

      Regards,

      Vamsi.

      Author's profile photo Lena Zhaburtovich
      Lena Zhaburtovich

      Hi Vamsi,

       

      We cannot generate tokens after we performed all the configuration steps, we're getting error:

      Exception occurred while retrieving Access/Refresh Token. Please collect and check XPI Trace for further information.
      Access/Refresh token can not be retrieved. Please collect and check XPI Trace for further information.

       

      But nothing useful in XPI Trace.. Any suggestions on it?

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Lena,

       

      I need more details to check , Please recheck client secret\URL\channel settings again.

      Collect XPI OAuth Logs:

      1. Open XPI_ Inspector : http://host:50XXX/xpi_inspector/index.jsp
      2. Select Example 100 and add below log locations depend on your case

       

      Refresh Token Generation Issue:

      com.sap.aii.af.sdk.xi.net

      com.sap.aii.af.sdk.xi.oauth.

      com.sap.aii.af.sdk.xi.util.MailOAuthUtil

      com.sap.aii.adapter.soap.web.MessageServlet

       

       

      For all Mail Adapter OAuth issues:

      com.sap.aii.af.sdk.xi.oauth

      com.sap.aii.adapter.soap

      com.sap.aii.adapter.mail

      com.sap.aii.af.sdk.xi.net

      com.sap.aii.af.sdk.xi.srt

      com.sap.aii.af.sdk.xi.util.MailOAuthUtil

      com.sap.aii.adapter.soap.web.MessageServlet

      Above log locations in XPI will help you  to get the exact issue where it is happening Mail Adapter OAuth scenarios.

       

      Regards,

      Vamsi.

      Author's profile photo Lena Zhaburtovich
      Lena Zhaburtovich

      Oh, thanks a lot for these log locations, I was just guessing till now, what to choose.

      So, now I got an error in XPI Trace, can you tell what is it about? Our Redirect URI is definetly including the channel name..

      Exception occurred while retrieving Access/Refresh Token : java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.service.cpa.Channel.getObjectId() of a null object loaded from local variable 'channel'

       

      BTW, I couldn't find in our log locations the com.sap.aii.af.sdk.xi.util.MailOAuthUtil, may be we're missing something in our installation? We have PI 7.50 SP23

      Thanks a lot for your blog and your help!!

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Dhira Jain,

      Please recheck redirect URL as per below steps

      b)Once you save and activate the channel, create Redirect URL as per the below format :

      “http://<host>:<port>/ XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”

      Provide this to Azure administrator to use while adding Redirect URl ( Please      Refer: 2. Azure Side settings ->4) Redirect URL & Copy Endpoint)

      You have to encode the Redirect URI  else you will face “URL specified request does not match” error while generating the refresh token.

      c)Once the Redirect URI is updated in the Azure portal, proceed to generate tokens(refresh/access) with the below URL

      “https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>”

      Required Scope for Sender side : “https://outlook.office365.com/IMAP.AccessAsUser.All”

       

      Regards,

      Vamsi.

       

      Author's profile photo Lena Zhaburtovich
      Lena Zhaburtovich

      Hello Vamsi!

       

      We're stlii having the problem and have an open incident in SAP for quite a while already,

      do you know what can cause absence on Trace Location com.sap.aii.af.sdk.xi.util.MailOAuthUtil?

      Thanks a lot,

      Lena

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      1761446 - Creating custom trace locations for 7.10/7.11/7.30 system

       

      Author's profile photo Sonu Mandal
      Sonu Mandal

      Hi Lena and Vamsi,

      We are also facing the same error and XPI Trace, are you able to fix it somehow? Please let me know.

       

      Thanks!

      Sonu

       

      Author's profile photo Dhira Jain
      Dhira Jain

      Hi,

      we have done all configurations.

      we are getting error in generating refresh token, any suggestions.

      specified in the request does no match the redirect URIs configured for the application 'd8a4dc76-978a-4206-9879-ab254c45618e'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal

       

      br,

      Dhiraj

      Author's profile photo Rodrigo Duarte
      Rodrigo Duarte

      Hi Dhira,

      I got the same issue, I realize when you activate the channel on PI/PO side and get the address of channel for exemple “http://<host>:<port>/ XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>” this URL works using 80 port on PI/PO side and in my case I running a new MS Azure Tenant, that refused HTTP connection for web URI, accept only 443 port (HTTPS) that's why I got the error "the address does not match" and to make matters worse I running the last version of PI/PO there is a new field called (RefreshToken) is required for configuration and I can't find any information to configure reason that I get the error "Invalid token refresh" when I ping the Channel.

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Duarte,

       

      As per the attached screenshot, I saw request URL does not match the redirect URL configured in the Azure,

      Please recheck redirect URL as per below steps

      b)Once you save and activate the channel, create Redirect URL as per the below format :

      “http://<host>:<port>/ XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”

      Provide this to Azure administrator to use while adding Redirect URl ( Please      Refer: 2. Azure Side settings ->4) Redirect URL & Copy Endpoint)

      You have to encode the Redirect URI  else you will face “URL specified request does not match” error while generating the refresh token.

      c)Once the Redirect URI is updated in the Azure portal, proceed to generate tokens(refresh/access) with the below URL

      “https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>”

      Required Scope for Sender side : “https://outlook.office365.com/IMAP.AccessAsUser.All”

       

      Thanks & Regards,

      Vamsi.

      Author's profile photo Anand Surisetty
      Anand Surisetty

      I have tried but while adding URL it is accepting only https. It is not taking http

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Redirect URIs  scheme will be https, I think http will be only for localhost. In your case use https. 

      Author's profile photo Tränkle Michaela
      Tränkle Michaela

      Hi,

      we have done all configurations, but we are getting an error in generating the token.

      I tried to analyze it with the XPI inspector and get the following:


      Error: RefreshToken has to be generated again.

      We are on SP24.

      Does anyone have any suggestions?

      Thanks and best regards,

      Michaela

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Michaela,

       

      Please regenerate refresh token to avoid this issue, Please check the success message after generating the URL.

       

      Regards,

      Vamsi.

      Author's profile photo Tränkle Michaela
      Tränkle Michaela

      Hi Vamsi,

      thanks for the reply.
      Unfortunately, it never worked before to create a token. So we are still trying to generate the first one.

      This is the message we get when trying to generate:

       

      Regards,

      Michaela

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      In case of multi server environment, the OAuth tokens stored in the Cache are not retrieved properly. This leads to failure of the scenario during the runtime (error being: Refresh token has to be generated again)

      Solution: Please apply the patch as present in this note (  3169585 ). After applied while generating the refresh token the value of the token is displayed on the screen( You can copy the token value) ,  Additionally a new “Additional Parameter” (as shown in the below screenshot) is added for the mail sender channel with the name as ‘IMail.refreshToken’ and the value of refresh token should be stored with this parameter in the mail sender channel.

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Auth Code is retrieved successfully. Attempting to retrieve the Auth Token.

      Status information:

      Exception occurred while retrieving Access/Refresh Token. Please collect and check XPI Trace for further information.
      Access/Refresh token can not be retrieved. Please collect and check XPI Trace for further information.

       

       

      Getting above error, Please help

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Kindly collect XPI 100 logs share me log details.

      Refresh Token Generation Issue:

      com.sap.aii.af.sdk.xi.util.MailOAuthUtil

      com.sap.aii.adapter.soap.web.MessageServlet

       

      For all Mail Adapter OAuth issues:

      com.sap.aii.adapter.mail

      com.sap.aii.af.sdk.xi.net

      com.sap.aii.af.sdk.xi.srt

      Author's profile photo Anand Surisetty
      Anand Surisetty

      HI Vamsi

      I am Using SP23 and unable to find com.sap.aii.af.sdk.xi.util.MailOAuthUtil trace

      please find the below trace detail

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      This is because of some issue while generating refresh token, Seems to be some configuration issue, please recheck settings as per the above steps.

      Author's profile photo Rajesh Kandari
      Rajesh Kandari

      Hi Vamsi,

       

      We have followed all the steps mentioned in your blog and was able to generate refresh token, have configured all the credentials in the mail channel configuration, but we see authenticate error from the channel log, below is the screenshot of it, any idea what is going on? your help is much appreciated.

      Authenticate%20Error

       

      OAuth User: emailuser@mail.com   (Email_ID)

      Channel%20ConfigAuthenticate Error

       

      XPI Inspector Log:

      I have never configured redirect URI as

      " http://localhost:50000/XISOAPAdapter/MessageServlet?channel=xxxxx&party=xxxxx&service=xxxxx"

      neither in PI nor in Azure portal, not sure from where PI is picking up the host as localhost in the redirct URL.

      In Azure redirect URI is:

      https://pihost:50001/XISOAPAdapter/MessageServlet?channel=xxxxx&party=xxxxx&service=xxxxx"

      Upon activating the channel i see below error: 

       

      Thank you

      Author's profile photo Gilson A Rodrigues
      Gilson A Rodrigues

      I have a similar issue here, i've configured the redirect URI with http://localhost:50200/XISOAPAdapter/MessageServlet?channel=xxxxxx&party=xxxxx&service=xxxxx, this URL was configured in Azure and I used the same url to request the authorization code, but, somehow the PI when requesting the authentication token changes the url in the request reader to https://localhost:50200/XISOAPAdapter/MessageServlet?channel=xxxxxx&party=xxxx&service=xxxxx, thus the request fail as the authentication server says invalid client because the redirect uri mismatch.

      We can see this on XPI logs, here the post parameters says https://localhost

      But the server response blames invalid client due the url mismatch

      We are on SP24, no patch, could somebody help? Thanks

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Thanks Vamsi, Now MY OAUTH is working

      Author's profile photo Sonu Mandal
      Sonu Mandal

      Hi Anand,

       

      We are also getting the same error, could you please let me know how you fix it.

       

      Thanks!

      Sonu

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Sonu

      Configure your redirect URL like below, if party is empty you need leave it as blank like below. service=business component of your mail channel

      Author's profile photo Sonu Mandal
      Sonu Mandal

      It worked Anand... thanks a lot!

      Author's profile photo Sonu Mandal
      Sonu Mandal

      Hello All,

       

      We are able to generate the refresh token but getting some other error now. Attaching the screen shots of Comm Channel monitoring.

      Processing error:

      ChannelPing:

       

      Thanks!

      Sonu

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Sonu,

       

      It is because of permissions for user(email Id). You need add permissions for User to read an access. contact your ms exchange admin.

      Author's profile photo Jacob Monberg
      Jacob Monberg

      Hi

      We were able to connect to the mailbox via Oauth, but after a few hours we started to get this error:

      Error

       

      Have anyone seen this before?

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      From SP24 onwards once refresh token generated successfully no need to generate it again, If you generate you will get exception, Existing token will be available as per the time line.

      Key ID *********************_Refresh already exists in database: com.sap.sql.exception.OpenSQLIntegrityConstraintViolationException: ORA-00001: unique constraint (UNKNOWN.obj#=************) violated

      OpenSQLExceptionCategories: [NON_TRANSIENT, INTEGRITY_CONSTRAINT_VIOLATION]

      3165141 - New F: Issue with access\refresh token in multi server nodes environment in Mail( OAuth) (sap.corp)

      Author's profile photo Jacob Monberg
      Jacob Monberg

      Hi Vamsi

       

      Thank you very much for your response.

      Can you force it not to update the refresh token? (We already tried setting additional parameter IMail.refreshToken)

       

      We are already patched according to note:

       

      Best regards

      Jacob

      Author's profile photo Anand Surisetty
      Anand Surisetty

      have you configured the Redirect URI as shown above comment?? and have you encoded redirect uri before executing for refresh token??

      Author's profile photo Jacob Monberg
      Jacob Monberg

      Hi Anand

       

      Yes - we have encoded redirect uri and it also worked the first time, but after a while the channel tries to refresh it and that is when it fails.

      It looks like this: &redirect_uri=https%3A%2F%2Fpolaris-d1.seas.local%3A51001%2FXISOAPAdapter%2FMessageServlet%3Fchannel%3DEDIGAS_Mail_Sender_OAuth2%26party%3D%26service%3Dswegas&party=&service=swegas&scope=https://outlook.office365.com/IMAP.AccessAsUser.All

       

      Br, Jacob

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Jacob,

      Configure your redirect URL like below, if party is empty you need leave it as blank like below. service=business component of your mail channel

      If you have configured like above I have question i.e while accessing below URL are you able to get the refresh code??

      https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Encoded Redirect-URI>&scope=<Scope>

      If you are getting the code you can configure ‘IMail.refreshToken parameter in advanced options like shown above.

      If you are not getting the code. you need apply those certificates which vamsi suggested.

      if everything working fine only channel giving the trouble means it should be permissions issue. you need check user mail ID had IMAP enabled or not

      and IMAP protocol access and user read and write access has given or not in Api permeations.

      Author's profile photo piyush pillai
      piyush pillai

      Hello Vamsi,

      Would you please help me in getting a clue as I am getting below error while fetching the refresh token. "Problem during writing to HTTPURLConnection"OAUTH_PROBLEM%20DURING%20WRITING%20HTTP%20URL

      OAUTH_PROBLEM DURING WRITING HTTP URL

      Regards,

      Piyush Raj

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Please check the config once again as suggested like above comment and provide more details like URI

      Author's profile photo piyush pillai
      piyush pillai

      Hello Anand,

      I have already tried with the encoded url and also following the same Redirect url pattern as given in  above steps below is my url but receive same error.

      redirect_uri=https://xx:xx/XISOAPAdapter/MessageServlet?channel=mail_chnl&party=&service=BS_NME&scope=https://graph.microsoft.com/.default

       

      Also tried on changing the scope to IMAPS one but I gett HTTP 500 error If the IMAPS scope is used.

      https://login.microsoftonline.com/xx/oauth2/v2.0/authorize?client_id=xx&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>

       

      Regards,

      Piyush

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Why you are using scope in reiect url??

      Configure your redirect URL like below, if party is empty you need leave it as blank like below. service=business component of your mail channel

      https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Encoded Redirect-URI>&scope=<Scope>

       

      And let us know Which SP you are using??, you can share your URL without sensitive data, I mean shown like above

       

       

       

      Author's profile photo piyush pillai
      piyush pillai

      Hi Anand,

       

      Below is the redirect URL in the redirect url there is already both party and service and party I have given it blank

      Current SP is 20 PO 7.5

       

      While calling for the refresh token I have also tried to encode the redirect URL but it gives same error Problem during writing to HTTPURLConnection

       

      Author's profile photo Anand Surisetty
      Anand Surisetty

      I think it is because of your port number. It is not 50000 and try to click on your redirict URI is it navigating or failing in web browser ?? when accessing URI it should take you  status OK screen. Please check

       

      Author's profile photo Alvaro Espinoza
      Alvaro Espinoza

      Piyush-

      how did you solved the HTTP URL Connection?- did you increase a parameter?.

      Author's profile photo Prashant Bhavsar
      Prashant Bhavsar

      Hello,

      I got strange error. I have 3 email sender channels  so I registered 3 applications on Azure for testing on dev. They are all exactly same and gave me refresh tokens by using above steps.

      Two of them are working fine, but one is giving following error on one node. (we got two nodes on dev).

      Exception caught during processing mail message; java.io.IOException: Reason : :"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: XXXX\r\nCorrelation ID: XXXX\r\nTimestamp: 2022-09-21 00:17:27Z"

      We are on PO 7.5 SP 21 Message PL 25. I have added the refresh token as additional parameter.

      Regards,

      Prashant

      Author's profile photo Prashant Bhavsar
      Prashant Bhavsar

      I did further checks and found that when PO sends request to MS to get a new token using a refresh token, its stripping last character from it.

      Is there any fix for this?

      Author's profile photo Vitor Rodrigues Araujo
      Vitor Rodrigues Araujo

      Hello,

       

      Same issue for us, failing in the second server node in dev PO. Error message:

      Exception caught during processing mail message; java.io.IOException: Reason : :"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: .....\r\nCorrelation ID: XXXX\r\nTimestamp: ......."

       

      We are on PO 7.5 SP 22, Messaging PL 16. I'm using refresh token as additional parameter.

       

      Regards,

      Vitor

      Author's profile photo Prashant Bhavsar
      Prashant Bhavsar

      Hello Vitor,

      Make sure you include double quotes in your token.

      Thanks to Aaron Suah from SAP for this tip.

      Regards,

      Prashant

      Author's profile photo Vitor Araujo
      Vitor Araujo

      Hello Prashant,

      Worked very well! Thanks.

      Regards,

      Vitor

      Author's profile photo Mateus Ricci
      Mateus Ricci

      Hi Prashant!

       

      I've set the IMail.refreshToken with the double quotes and still the error persists.

      Is there anything else that I can do to work with it?

       

      grant_type=refresh_token

      &refresh_token= Refresh token value

      &scope=openid%20offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All

      &client_id= Client ID value

       

      Author's profile photo Sonu Mandal
      Sonu Mandal

      Hi All,

       

      We got our sender channel sorted, but still facing some issue with receiver channel. Below is the error:

      ~ter.mail.service.XIMailAdapter.call Unable to call the mailer: com.sap.aii.af.sdk.xi.srt.BubbleException: Failed to call the endpoint  [null "null"]; nested exception caused by: com.sap.aii.af.sdk.xi.srt.BubbleException: Failed to call the endpoint  [null "null"]; nested exception caused by: javax.mail.AuthenticationFailedException: 535 5.7.3 Authentication unsuccessful [BLAPR05CA0038.namprd05.prod.outlook.com]

       

      Thanks!

      Sonu

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Could you please recheck firewall\any security  blocker for 587 port in your organisation.

       

      Check cmd

      telnet smtp.office365.com 587

      Author's profile photo Prashant Bhavsar
      Prashant Bhavsar

      Hello Vamsi,

       

      I am also getting similar error. Our current connection is working with simple authentication and STARTTLS.

      Telnet from PO server is working without any issue.

       

      Do I need to do any changes on MS side ?

      Regards,

      Prashant

      Author's profile photo Sonu Mandal
      Sonu Mandal

      Hi Vamsi,

       

      Yes, we have already checked this command and its responding successfully. Below is the API Permissions we have added in Azure, could you please let us know if we are missing anything here or do we need to add mail.send from exchange online as well?

      API%20Permission

      API Permission

       

      Thanks!

      Sonu

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Please check with network team to get the logs for user, Issue seems to be 587 port block or some firewall is blocking.

      Author's profile photo Former Member
      Former Member

      Hi Vamsi/ All,

      Recently we upgraded PO system stack to SP25. Cache is getting stored properly however we are getting below error in Mail sender adapter though we have maintained valid Tenant identifier name.

      "Error in retrieving mailbox size: java.io.IOException: Reason : :"AADSTS900023: Specified tenant identifier 'null' is neither a valid DNS name"

      Below error is in Communication channel monitoring.

      "Exception caught during processing mail message; java.io.IOException: unexpected login response; read 001F NO LOGIN failed"

      Could you please assist.

      Regards,

      Basis

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Kindly share XPI trace for more information.

      Issue seems to be Microsoft Azure side, please recheck with tenant configurations\ tenant ID issue.

       

      Author's profile photo Jegatheeswaran Pitchaimuthu
      Jegatheeswaran Pitchaimuthu

      Hi Vamsi

      Thank you for your wonderful blog.

      I followed all the steps. I am able to generate refresh token using refresh token URL in the browser.

      The response is as below:

      Auth Code is retrieved successfully. Attempting to retrieve the Auth Token.

      Status information:

      Access token and Refresh token are retrieved and stored successfully. Proceed with Mail adapter channel processing.

      I am unable to enter Refresh token in mail sender channel under General tab.  I tried to enter this in Additional Parameters of Advanced tab of channel configuration (Parameter Name: IMail.refreshToken) with double quotes.

      Still, it gives the following error message in XPI tool.

      Exception caught during processing mail message; javax.mail.AuthenticationFailedException: LOGIN failed.

      Can you please clarify why this error comes? how to resolve this?

      Note:

      In App Permissions step, I informed to Azure admin team to provide only the following 2 delegated permissions: IMAP.AccessAsUser.All. Do I need to ask any additional permissions?
      SMTP.Send

      Thank you.

       

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      May i know which SP you are in? please share XPI traces as i mentioned above.

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hey Vamsi,

      we followed your guide to the T but still one of our email accounts is facing issue from SAP - it gives error User authenticated but not connected

      We had contacted Microsoft support and checked everything via PowerShell and remote connectivity analyzer, checked all settings available on Internet for this error

      Please advise

       

      Error in SAP

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Issue seems to be user  IMAP settings level, please share XPI traces for more details.

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hey Vamsi,

      Please check the XPI traces as requested

       

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Jadhav,

      Check your IMAP connectivity for the mail by using below link

      https://testconnectivity.microsoft.com/

      If IMAP connectivity is good and you are able to get the refresh token and configured. Still if you are getting the error then you need to restart PI server with help of basis team...

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Is it any issue with Office 365 Shared mailbox licensed with E1?

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Is there any issue with using a Office 365 shared mailbox with E1 license? This was migrated from on-prem server last year

      Author's profile photo Francesco Poli
      Francesco Poli

      Hi Vamsi,

      maybe i missed out, but the list of permissions in the post is still the valid one?

      i see that you mention that it was for test env, and it make sense, but for a production implementation, looks like to have quite too many added permissions that i haven't seens so far in other tools requirements for implementation.

      An example over all is the delegation for managing exchange configuration for the app.

      Also i am not clear what will happen in the background for the app, as we are granting here delegate and application permissions altogether....

      i am trying to tight the list as much as possible, before the sec team will blast my ask for implementation 🙂

      Thanks for the help

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      This link may provide required details, Kindly cjheck.

      Authenticate an IMAP, POP or SMTP connection using OAuth | Microsoft Learn

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hey Vamsi, Anand

      Can we use a E1 licensed shared mailbox instead of OAuth User (Office365 user) for this setup?

      As we have checked through Microsoft Remote connectivity tool, that licensed shared mailbox is passing all the tests, but it is failing in SAP PO with the error below:

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Jadhav,

       

      Are you able to get refresh token??

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hey Anand,

      Please check the XPI traces

       

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      As i mentioned earlier Issue seems to be user  IMAP settings level, Client Access Rules or Authorization level.

       

      try this may help you for IMAP\SMTP tests

      https://testconnectivity.microsoft.com/

       

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hello Vamsi,

      The problem is it is not showing any issues with IMAP settings in Office 365 connectivity tool - even Microsoft support tried all troubleshooting process.

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Hi Jadhav,

      Are you getting refresh token?? If you are getting refresh token. configure parameter with double quotes.

      If all configuration is good fallow below step

      And I have faced the same issue. PI server restart fixed my issue. Hope will work for you as well, Check with Basis team for server restart.

      Author's profile photo Suhas Jadhav
      Suhas Jadhav

      Hi Anand,

      Can you please let us know which parameter are your referring as we are getting refresh token?

      We tried restarting the PI server, but it did not resolve this issue

      Author's profile photo Anand Surisetty
      Anand Surisetty

      please%20check

      please check

      Author's profile photo Alvaro Espinoza
      Alvaro Espinoza

      Hello-

      After applying Patch level 16 and 33 of messaging and XIAF on PO 7.5 SP22 we still get these issues:

      Auth Code is retrieved successfully. Attempting to retrieve the Auth Token.

      Status information:

      Exception occurred while retrieving Access/Refresh Token. Please collect and check XPI Trace for further information.
      Access/Refresh token can not be retrieved. Please collect and check XPI Trace for further information.

      *****************************************************

      in our case we ran XPI inspector and the following appears:

      Exception occurred while retrieving Access/Refresh Token : java.io.UncheckedIOException: IOException while writing to HttpURLConnection outputstream: Connect timed out
      at com.sap.aii.af.sdk.xi.util.MailOAuthUtil.transferRequestBody(MailOAuthUtil.java:177)
      at com.sap.aii.af.sdk.xi.util.MailOAuthUtil.connect(MailOAuthUtil.java:122)
      at com.sap.aii.af.sdk.xi.util.MailOAuthUtil.sendPOST(MailOAuthUtil.java:102)
      at com.sap.aii.adapter.soap.web.MessageServlet.doGet(MessageServlet.java:319)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
      at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
      at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
      at com.sap.engine.services.servlets_jsp.server.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:126)
      at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)

       

      but despite we have loaded all certificates- opened the ports 587/993 we can't manage to run this properly.

       

      EXCEPTION]
      java.io.UncheckedIOException: Problem during writing to HttpURLConnection output stream: Connect timed out
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.transferRequestBody(IMAPClientConnection.java:2574)
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.connect(IMAPClientConnection.java:2517)
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.sendPOSTForAccessToken(IMAPClientConnection.java:988)
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.retryAccessToken(IMAPClientConnection.java:939)
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.getSize(IMAPClientConnection.java:892)
      at com.sap.aii.af.sdk.xi.srt.xmb.XMBIMAPInitiatorServiceImpl$MailClientTask.invoke(XMBIMAPInitiatorServiceImpl.java:552)
      at com.sap.aii.af.lib.scheduler.JobBroker$Worker.run(JobBroker.java:529)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:185)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:302)
      Caused by: org.w3c.www.protocol.http.HttpException: Connect timed out
      at org.w3c.www.protocol.http.b.a(SourceFile:853)
      at org.w3c.www.protocol.http.HttpManager.runStreamedRequest(SourceFile:1260)
      at org.w3c.www.protocol.http.HttpURLConnection.connect0(SourceFile:348)
      at org.w3c.www.protocol.http.HttpURLConnection.a(SourceFile:175)
      at org.w3c.www.protocol.http.HttpURLConnection.getOutputStream(SourceFile:605)
      at com.sap.engine.httpdsrclient.protocols.instrumented.https.DSRHttpsURLConnection.getOutputStream(DSRHttpsURLConnection.java:122)
      at com.sap.aii.af.sdk.xi.net.IMAPClientConnection.transferRequestBody(IMAPClientConnection.java:2569)
      ... 10 more

       

      we are on a multi-server environment and the soap w3c protocols are not implemented- this is a security risks and affects all 300+ integrations using SOAP- is there a viable option in azure to increase the timeout of the application?.

      Author's profile photo Vamsi Krishna Chintharlapalli
      Vamsi Krishna Chintharlapalli
      Blog Post Author

      Hello Alvaro Espinoza,

      Please recheck firewall\port blocker with network team , issue seems to be network block, Kindly confirm .

       

      Regards,

      Vamsi.

      Author's profile photo OSMUNDO OLIVEIRA
      OSMUNDO OLIVEIRA

      Hello,

      I have done the configuration accroding to this blog. it very useful.

      And all the sender mail channel adapter is work, but the receive mail channel shows Error like below:

      while logging into iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain! mail server using {1} protocol.

      I have selected the StartTLS in Channel configuration. and enabled use TLS1.1&1.2 in the SSL contentext.properties in PI system. but still with the same error.

      Does anybody know any ideas about this error.

       

      and from the XPI log:

       

      ~lAdapterManager.testReceiverChannel ⇦ with (com.sap.aii.af.service.cpa.impl.object.ChannelImpl@aaeb8685 with ID=2d40d644368a3b00b90dab354f7f2d8a, zh)
      11:40:47:530 ~e.ReceiverChannelTester.performTest
      11:40:47:531 ~dk.xi.net.SMTPClientConnection.send Creating an SSL Socket on host 'outlook.office365.com' and port '587'.
      11:40:47:531 creating a ssl socket without certificate
      11:40:47:531 ~i.net.SSLSocketFactory.createSocket ⇦ with (outlook.office365.com, 587, <null>, <null>, <null>, false, , true, false)
      11:40:47:531 ~ocketFactory.createSSLCLientContext ⇦ with (<null>, <null>, <null>, , true, false)
      11:40:47:532 ⇨ with Enabled cipher suites:
      TLS_RSA_WITH_AES_256_GCM_SHA384
      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
      TLS_RSA_WITH_AES_256_CBC_SHA256
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
      TLS_RSA_WITH_AES_128_GCM_SHA256
      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
      TLS_RSA_WITH_AES_128_CBC_SHA256
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
      TLS_RSA_WITH_AES_256_CBC_SHA
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
      SSL_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_RSA_WITH_RC4_128_SHA
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
      Enabled compression methods:
      NULL
      Extensions: elliptic_curves (10), signature_algorithms (13), server_name (0), ec_point_formats (11)

      Available certificates:
      None

      11:40:49:552 ~i.net.SSLSocketFactory.createSocket ⇨ with Socket[addr=outlook.office365.com/52.97.19.130,port=587,localport=56372]
      11:40:49:556 ~dk.xi.net.SMTPClientConnection.send additional info ssl_debug(12): Starting handshake (iSaSiLk 5.2)...
      ssl_debug(12): Sending v3 client_hello message to outlook.office365.com:587, requesting version 3.3...
      ssl_debug(12): Sending extensions: elliptic_curves (10), renegotiation_info (65281), signature_algorithms (13), server_name (0), ec_point_formats (11)
      ssl_debug(12): SSLException while handshaking: Invalid SSL message, peer seems to be talking plain!
      ssl_debug(12): Sending alert: Alert Fatal: handshake failure
      ssl_debug(12): Shutting down SSL layer...
      11:40:49:557 ~lAdapterManager.testReceiverChannel ⇨ with (undefined, , [(OK, Channel Active/Inactive Test, Channel is active, ), (not OK, Mail Server Login Test, Error while logging into iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain! mail server using {1} protocol, )])
      11:40:49:557 ~ce.XIMailAdapterManager.testChannel
      11:40:55:044 J2EE_GUEST SAP_AFScheduler.Worker ~.XMBIMAPInitiatorServiceImpl.invoke
      11:40:55:045 ~FEB2B_INB/BC_EMAIL/NFE_B2B_MAIL]_79 ~xi.net.IMAPClientConnection.getSize ⇦ with (true)
      Author's profile photo Alvaro Espinoza
      Alvaro Espinoza

      perhaps you need to load the right certs- https://blogs.sap.com/2022/10/17/mail-oauth-using-pi-po/

      Author's profile photo Muniyappan Marasamy
      Muniyappan Marasamy

      Hi Vamsi,

       

      We are in PO 7.5 sp 19 patch 36. I am getting below error.

      ping test

       

      Channel error

       

       

       

      We can get the token successfully.

       

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Download and apply certificates in trusted CA

      Author's profile photo Muniyappan Marasamy
      Muniyappan Marasamy

      we have downloaded all certificates from url https://login.microsoftonline.com and uploaded into cpi trust.

       

      this is the detailed error I can see in xpi logs.

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Have you configured additional parameter??

      Author's profile photo Muniyappan Marasamy
      Muniyappan Marasamy

      if you check the note 3169585 - Refresh Token is not retrieved in case of multi server environment, this is only applicable from SP0020.  But we are at SP019. So I can say this is not applicable for our version. I even tried to put this parameter and it did not work.

       

      I have increased trace and this is the error.

      18:39:41:139 ⇨ with Channel is started
      18:39:41:139 ~18n.LocalizationUtil.localizeString ⇨ with Channel is started
      18:39:41:139 ~gStatusListenerImpl.toChannelStatus ⇨ with ChannelStatusImpl:OK | Channel is started
      18:39:41:139 ~StatusListenerImpl.getChannelStatus ⇨ with ChannelStatusImpl:OK | Channel is started
      18:39:41:139 ~l.AdminManagerImpl.getChannelStatus ⇨ with ChannelStatusImpl:OK | Channel is started
      18:39:41:139 ~l.AdminManagerImpl.getChannelStatus ⇨ with [Lcom.sap.aii.af.service.administration.api.monitoring.ChannelStatus;@55e641c4
      18:39:41:139 ~ManagerImpl.getChannelProcessStatus ⇦ with ([Lcom.sap.aii.af.service.cpa.Channel;@3b07c18b, en)
      18:39:41:139 ~mpl.AdapterRegistryImpl.getInstance
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.AdapterRegistryImpl@34ef5c1c
      18:39:41:139 ~RegistryImpl.getAdapterRegistration ⇦ with (http://sap.com/xi/XI/System:Mail)
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.util.AdapterRegistration@3b0a4289
      18:39:41:139 ~gistration.getProcessStatusCallback
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.MonitoringStatusListenerImpl@88a823f
      18:39:41:139
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.MonitoringStatusListenerImpl@88a823f
      18:39:41:139 ~istenerImpl.getChannelProcessStatus ⇦ with (com.sap.aii.af.service.cpa.impl.object.ChannelImpl@7b82f171 with ID=76c3e711443e334ab9342dd5f28a6887, en)
      18:39:41:139 ~gStatusListenerImpl.toProcessStatus ⇦ with (com.sap.aii.af.service.cpa.impl.object.ChannelImpl@7b82f171 with ID=76c3e711443e334ab9342dd5f28a6887, en)
      18:39:41:139 ~mpl.AdapterRegistryImpl.getInstance
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.AdapterRegistryImpl@34ef5c1c
      18:39:41:139 ~RegistryImpl.getAdapterRegistration ⇦ with (http://sap.com/xi/XI/System:Mail)
      18:39:41:139 ⇨ with com.sap.aii.af.service.administration.impl.util.AdapterRegistration@3b0a4289
      18:39:41:140 ~18n.LocalizationUtil.localizeString ⇦ with (Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1, en, http://sap.com/xi/XI/System:Mail)
      18:39:41:140 ~mpl.AdapterRegistryImpl.getInstance
      18:39:41:140 ⇨ with com.sap.aii.af.service.administration.impl.AdapterRegistryImpl@34ef5c1c
      18:39:41:140 ~RegistryImpl.getAdapterRegistration ⇦ with (http://sap.com/xi/XI/System:Mail)
      18:39:41:140 ⇨ with com.sap.aii.af.service.administration.impl.util.AdapterRegistration@3b0a4289
      18:39:41:140 ~egistration.getLocalizationCallback
      18:39:41:140 ⇨ with com.sap.aii.af.service.administration.api.i18n.ResourceBundleLocalizationCallback@85fc601
      18:39:41:140 ~LocalizationCallback.localizeString ⇦ with (Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1, en)
      18:39:41:140 Catching java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      at java.util.ResourceBundle.getObject(ResourceBundle.java:450)
      at java.util.ResourceBundle.getObject(ResourceBundle.java:444)
      at java.util.ResourceBundle.getString(ResourceBundle.java:407)
      at com.sap.aii.af.service.administration.api.i18n.ResourceBundleLocalizationCallback.localizeString(ResourceBundleLocalizationCallback.java:108)
      at com.sap.aii.af.service.administration.impl.i18n.LocalizationUtil.localizeString(LocalizationUtil.java:56)
      at com.sap.aii.af.service.administration.impl.MonitoringStatusListenerImpl$InternalProcessState.toProcessStatus(MonitoringStatusListenerImpl.java:734)
      at com.sap.aii.af.service.administration.impl.MonitoringStatusListenerImpl.getChannelProcessStatus(MonitoringStatusListenerImpl.java:797)
      at com.sap.aii.af.service.administration.impl.AdminManagerImpl.getChannelProcessStatus(AdminManagerImpl.java:675)
      at com.sap.aii.af.service.administration.impl.cluster.ClusterManager.eventReceivedSync(ClusterManager.java:808)
      at com.sap.aii.af.service.event.impl.worker.sync.SyncLocalWorker.work(SyncLocalWorker.java:71)
      at com.sap.aii.af.service.event.impl.worker.sync.AbstractSyncWorker.startWork(AbstractSyncWorker.java:40)
      at com.sap.aii.af.service.event.impl.EventManagerImpl.sendEventAndWaitForAnswer(EventManagerImpl.java:489)
      at com.sap.aii.af.service.event.impl.EventManagerImpl.sendEventAndWaitForAnswer(EventManagerImpl.java:358)
      at com.sap.aii.af.service.administration.impl.cluster.ClusterManager.getClusterChannelRuntimeStatusHashMap(ClusterManager.java:333)
      at com.sap.aii.af.service.administration.impl.AdminManagerImpl.getClusterChannelRuntimeStatusHashMap(AdminManagerImpl.java:1245)
      at com.sap.aii.mdt.itsam.mbeans.utils.XIAdapterChannelUtil.getChannelDetails(XIAdapterChannelUtil.java:841)
      at com.sap.aii.mdt.itsam.mbeans.utils.XIAdapterChannelStartStopUtil.setChannelsControlState(XIAdapterChannelStartStopUtil.java:120)
      at com.sap.aii.mdt.itsam.mbeans.utils.XIAdapterChannelUtil.changeControlState(XIAdapterChannelUtil.java:488)
      at com.sap.aii.mdt.itsam.mbeans.channelmonitor.SAP_ITSAMXIAdapterChannelService_DevImpl.ChangeControlData(SAP_ITSAMXIAdapterChannelService_DevImpl.java:50)
      at com.sap.aii.mdt.itsam.mbeans.channelmonitor.SAP_ITSAMXIAdapterChannelService_Impl.ChangeControlData(SAP_ITSAMXIAdapterChannelService_Impl.java:334)
      at com.sap.aii.mdt.itsam.mbeans.channelmonitor.SAP_ITSAMXIAdapterChannelServiceWrapper.invoke(SAP_ITSAMXIAdapterChannelServiceWrapper.java:518)
      at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
      at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
      at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:468)
      at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
      at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:612)
      at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
      at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:365)
      at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
      at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
      at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:289)
      at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
      at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
      at com.sap.lm.itsam.ui.connection.impl.ITSAMUIMBeanServerConnectionWrapper.invoke(ITSAMUIMBeanServerConnectionWrapper.java:379)
      at com.sap.tc.lm.itsam.ui.proxy.JMXGenericModelClassMBean.invokeOperation(JMXGenericModelClassMBean.java:610)
      at com.sap.tc.lm.itsam.ui.proxy.JMXAbstractModelClass.invokeOperation(JMXAbstractModelClass.java:159)
      at com.sap.tc.lm.itsam.co.ui.xi.channel.wd.model.SAP_ITSAMXIAdapterChannelService.ChangeControlData(SAP_ITSAMXIAdapterChannelService.java:254)
      at com.sap.tc.lm.itsam.co.ui.xi.channel.wd.pichanneldetailed.pichannelmoni.pichannelmonidetailed.PIChannelMoniDetailed.changecontroldata(PIChannelMoniDetailed.java:935)
      at com.sap.tc.lm.itsam.co.ui.xi.channel.wd.pichanneldetailed.pichannelmoni.pichannelmonidetailed.wdp.InternalPIChannelMoniDetailed.changecontroldata(InternalPIChannelMoniDetailed.java:683)
      at com.sap.tc.lm.itsam.co.ui.xi.channel.wd.pichanneldetailed.pichannelmoni.pichannelmonidetailed.SearchView.onActionAutomaticOrManual(SearchView.java:370)
      at com.sap.tc.lm.itsam.co.ui.xi.channel.wd.pichanneldetailed.pichannelmoni.pichannelmonidetailed.wdp.InternalSearchView.wdInvokeEventHandler(InternalSearchView.java:454)
      at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)
      at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)
      at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)
      at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)
      at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)
      at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)
      at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)
      at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)
      at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)
      at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)
      at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)
      at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)
      at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)
      at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)
      at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:326)
      at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
      at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:101)
      at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
      at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
      at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:439)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:428)
      at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:82)
      at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
      at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
      at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
      at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
      at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
      at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
      at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
      at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
      at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:468)
      at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:262)
      at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
      at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
      at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
      at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
      18:39:41:141 Could not locate resource bundle entry 'Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1' for resource bundle 'com.sap.aii.adapter.mail.i18n.rb_MAILAdapter_ChannelMonitor' and locale en: java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      18:39:41:141 Throwing com.sap.aii.af.service.administration.api.i18n.LocalizationNotPossibleException: Could not locate resource bundle entry 'Exception caught during processing mail message; java.lang.StringIndexOutOfBoundsException: String index out of range: -1' for resource bundle 'com.sap.aii.adapter.mail.i18n.rb_MAILAdapter_ChannelMonitor' and locale en
      Author's profile photo Muniyappan Marasamy
      Muniyappan Marasamy

      Do you think that http://sap.com/xi/XI/System:Mail is causing issue?

      Author's profile photo Anand Surisetty
      Anand Surisetty

      Remove module parameters and try once

      Author's profile photo Muniyappan Marasamy
      Muniyappan Marasamy

      no. it did not work either.

      Author's profile photo Peter Hermanns
      Peter Hermanns

      First of all thank you for this posting.
      It's leading us to the right direction.

      But now we have a problem that we don't really know how to deal with.

      Environment: SAP NW PO 7.50 SP25

      Configuration in Azure done, Refresh_Token was received successfully and put in into the sender channel as written in the blog including the additional parameter IMAIL.refresh_token.
      After starting the channel we get the "refresh token error" immediately.

      An XPI_Trace shows that we're indeed using the configured refresh token to get an access token, but in the same run Microsoft gives us a new refresh token that cannot be stored into the cache with the NON_TRANSIENT_INTEGRITY_CONSTRAINT_VIOLATION error.

      Here we're sending the correct refresh token:

      And here we're getting a new different refresh token after getting the access_token.

      As already said. Redirect-URL works and is correctly configured in MS Azure, otherwise the new refresh token couldn't be send to the PO system.

      Anone got an idea on what is going wrong here?

       

      Best regards

       

      Peter