Mani_P_S
Product and Topic Expert
Motivation:

In my earlier blog, Consuming a Business Technology Platform service from an S/4 HANA system using SM59 destination with..., I covered what it takes to connect to an SAP BTP service from S/4HANA on-premise using OAuth. Here, we look at some errors you may come across and how to troubleshoot them. This is by no means an exhaustive list, and I encourage you to share the errors/issues you face in the comments section so that, over time, this grows into a document that can help a lot of people.

Useful troubleshooting technique:

Run the report OA2C_GENERIC_ACCESS with SE38. This report can be used to test the OAuth 2.0 client configuration/access token request (for all grant types). It shows the complete raw error response, which can be helpful for troubleshooting.
Example:
Error when trust configuration is missing/wrong on the Business Technology Platform:


Error when “<URL>/oauth/token” is configured as token endpoint in OA2C_CONFIG instead of “<URL>/oauth/token/alias/mytenant” (from the downloaded SAML Metadata):


Some other errors/issues along with solutions:

  1. Download SAML Metadata button not visible in t-code OA2C_CONFIG
    Solution: Apply SAP Note 3229914.

  2. OA2C_GRANT does not return OAuth 2.0 token
    Solution: In OA2C_CONFIG, for the created configuration, verify that the following are correctly mapped:

    • The Client ID/Client Secret are as defined in the service key of the BTP service being connected to (the workflow service in this example).

    • The SAML 2.0 Audience is the "Entity ID" from the SAML Metadata of the sub-account we are connecting to. The SAML metadata can be downloaded under the "Trust Configuration" section of the sub-account.

    • The Token Endpoint is the Location ID from the SAML metadata of the sub-account which contains "/oauth/token". Ensure the Location ID is copied along with the alias.

  3. Error: "Create Failed" when doing a connection test in SM59
    Solution: Check the token service URL in OA2C_CONFIG and see whether "https://" is repeated. Note: "https://" is added automatically, so when copy-pasting the URL, paste it without "https://".

  4. Error: "Connection to <URL> broken" when doing a connection test in SM59
    Solution: On the Logon and Security tab of the SM59 destination, under the status of secure protocol, make sure SSL is active and the right SSL certificate is chosen (where the certificate from BTP was imported).
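
The SAML 2.0 Audience and Token Endpoint checks from the OA2C_GRANT item, and the repeated "https://" from the "Create Failed" item, can be run against the downloaded metadata file before testing in SM59. This is an added example, not code from the original post: the sample metadata, its host name and the function names are constructed, and it assumes the token URL appears as a Location attribute in the metadata.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like subaccount SAML metadata; host and alias are placeholders.
SAMPLE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://mytenant.authentication.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mytenant.authentication.example.com/saml/SSO/alias/mytenant"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
        Location="https://mytenant.authentication.example.com/oauth/token/alias/mytenant"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def strip_scheme(url):
    """Drop a leading scheme such as https:// if one is present."""
    return url.split("://", 1)[-1]


def expected_values(metadata_xml):
    """Return (Entity ID, [Location values that contain /oauth/token])."""
    root = ET.fromstring(metadata_xml.strip())
    locations = [el.get("Location") for el in root.iter()
                 if "/oauth/token" in el.get("Location", "")]
    return root.get("entityID"), locations


def check_config(metadata_xml, audience, token_endpoint):
    """Compare values entered in OA2C_CONFIG with the metadata; [] means they match."""
    entity_id, locations = expected_values(metadata_xml)
    findings = []
    if audience != entity_id:
        findings.append(f"SAML 2.0 Audience must be the Entity ID: {entity_id}")
    # Per the post, https:// is added automatically, so a pasted scheme gets repeated.
    if "://" in token_endpoint:
        findings.append("Token endpoint contains a scheme; enter it without https://")
    wanted = [strip_scheme(loc) for loc in locations]
    entered = strip_scheme(token_endpoint)
    if entered not in wanted:
        with_alias = [w for w in wanted if w.startswith(entered + "/alias/")]
        hint = f"alias missing, expected {with_alias[0]}" if with_alias else f"expected one of {wanted}"
        findings.append(f"Token endpoint not found in metadata: {hint}")
    return findings
```

Pass the text of the metadata file downloaded from the sub-account together with the Audience and Token Endpoint values as typed into OA2C_CONFIG; each returned string names one mismatch.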


Additional material for troubleshooting at the level of the XSUAA service on the Business Technology Platform:

Looking forward to hearing your experiences with this setup, the issues/struggles you had or on the other hand, the great experience you had!