CRM and CX Blogs by SAP
Stay up-to-date on the latest developments and product news about intelligent customer experience and CRM technologies through blog posts from SAP experts.
vijaysb15
Product and Topic Expert

Business Use Case


During user registration in SAP Customer Data Cloud (CDC), the standard out-of-the-box feature checks for duplicate users based on the e-mail address or user name supplied by the end user. However, it does not consider any identification fields (e.g. National ID, Passport number, Social security number, Aadhaar number) or a combination of other attributes (e.g. First Name, Last Name or Date of Birth) in the duplicate check, which is a common requirement for many customers.

 

Prerequisites



  • Provisioning of SAP Customer Data Cloud Solution.

  • Subscription to SAP Integration Suite Service (SAP API Management).


 

Solution Approach


The following solution could be implemented to overcome the above product limitation.

The standard extension OnBeforeAccountsRegister is configured in SAP CDC to perform duplicate checks during new customer registration and profile updates based on personal identification data (e.g. National ID, Passport number, Social security number, Aadhaar number), or a combination of other attributes (e.g. First Name, Last Name or Date of Birth).

The extension triggers a request from SAP CDC to an external application. For this use case we have leveraged the SAP API Management platform, where a service callout is configured to query the SAP CDC database for the parameters on which the duplicate check needs to be performed and to return the count of matching customers. If the count is greater than zero, SAP API Management returns an error code to the SAP CDC screen sets.

 

Note: OnBeforeAccountsRegister extension point is triggered within the accounts.register API, right after Gigya runs all validation checks that are required for creating the user in the database and right before creating the user. After this point (unless an extension point returns an error indicating Gigya to fail the request), the user will be created. The newly created user may be in a 'Pending Finalization' state (e.g. if a few required fields are missing) and will then need to complete more steps in order to be fully registered.

 




SAP CDC Configurations


Configure the OnBeforeAccountsRegister extension in SAP CDC to point to the SAP API Management endpoint.




SAP API Management Configurations



Create a new API


Create a new API as shown below in the Develop tab of SAP API Management.

 


 

 

Validate and Decode the JWT


SAP CDC sends the extension data as a JSON Web Token (JWT), which must be validated to confirm that it comes from a valid source. The validated JWT is then decoded to capture the data and execute the required business logic.

 


 

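1) Create JavaScript Policy to read JSON Web Token


JavaScript policy to read the JWT data from the SAP CDC extension.
// The extension request body is JSON; its "jws" property carries the signed token.
var responseJSONstring = context.getVariable("request.content");
var responseJSON = JSON.parse(responseJSONstring);
// Expose the token as a Bearer header so the VerifyJWT policy can pick it up.
context.setVariable("request.header.Authorization", "Bearer " + responseJSON.jws);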

 

2)  Create Assign Message Policy to assign variable to Header


Assign the variable set in the previous step to the header parameter.
<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>

<!-- Sets a new value to the existing parameter -->
<Add>

<Headers>
<Header name="Authorization">{request.header.Authorization}</Header>
</Headers>


</Add>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<AssignTo createNew="false" type="response">response</AssignTo>
</AssignMessage>


3)  Create Lookup Cache Policy to retrieve the key from Cache


The Lookup Cache policy has an effect only on calls made after the JWT key has been cached in memory by the Populate Cache policy; on the first call there is nothing to retrieve yet.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<LookupCache async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
<CacheKey>
<KeyFragment>JWT_KEYS</KeyFragment>
</CacheKey>
<Scope>Global</Scope>
<AssignTo>JWTKeys.content</AssignTo>
</LookupCache>


4) Create Service Callout Policy to trigger API call to retrieve public key from SAP CDC


Retrieve the Public key from the SAP CDC application using the API (accounts.getJWTPublicKey).
<ServiceCallout async="true" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
<Response>JWTKeys</Response>
<Timeout>60000</Timeout>
<HTTPTargetConnection>
<URL>https://accounts.eu1.gigya.com/accounts.getJWTPublicKey?apiKey=******&amp;V2=true</URL>
</HTTPTargetConnection>
</ServiceCallout>


5) Create Populate Cache Policy to store the key into Cache


Store the key in the Cache which will be retrieved by the Lookup cache policy in subsequent calls.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
<CacheKey>
<KeyFragment>JWT_KEYS</KeyFragment>
</CacheKey>
<Scope>Global</Scope>
<ExpirySettings>
<TimeoutInSec>86400</TimeoutInSec>
</ExpirySettings>
<Source>JWTKeys.content</Source>
</PopulateCache>

 

6) Create VerifyJWT Policy to validate the JWT from SAP CDC


The policy verifies that the JWT received from SAP CDC is valid, checking the expiry and not-before times if they are present. If the JWT is verified and valid, all of the claims contained within the JWT are extracted into context variables for use by subsequent policies or conditions, and the request is allowed to proceed.
<!-- Verify JWT Token -->
<VerifyJWT async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
<Algorithm>RS256</Algorithm>
<PublicKey>
<JWKS ref="JWTKeys.content"/>
</PublicKey>

</VerifyJWT>

 

 

Executing Duplicate Check Logic





7) Create JavaScript Policy to Capture Duplicate check parameters


A script function is written in SAP API Management to capture the parameters for which the duplicate check needs to be performed. A query is formed in the SAP API Management based on the required parameters.
// Build the where-clause for accounts.search from whichever identifier was supplied.
// %27 is the URL-encoded single quote placed around the value.
// Note: the values are concatenated as received; validate them before use.
function formDynamicQuery(nationalID, passportNo) {
    var query = null;
    if (nationalID) {
        query = "data.nationalID =%27" + nationalID + "%27";
    } else {
        query = "data.passport.number =%27" + passportNo + "%27";
    }
    return query;
}

// Claims extracted by the VerifyJWT policy; "data" carries the registration payload.
var responseJSONstring = context.getVariable("jwt.verifyJWT.decoded.claim.data");
var responseJSON = JSON.parse(responseJSONstring);
var profile = responseJSON.params.profile;
var passportNo = null;
var query = null;

if (responseJSON.params.data) {
    if (responseJSON.params.data.passport) {
        context.setVariable("passportNo", responseJSON.params.data.passport.number);
        passportNo = responseJSON.params.data.passport.number;
        context.setVariable("passportExpiryDate", responseJSON.params.data.passport.expiryDate);
    }
    if (responseJSON.params.data.nationalID) {
        context.setVariable("nationalID", responseJSON.params.data.nationalID);
    }
    // The passport number lives at data.passport.number, so use the value captured above.
    if (responseJSON.params.data.nationalID || passportNo) {
        query = formDynamicQuery(responseJSON.params.data.nationalID, passportNo);
    }
}
context.setVariable("query", query);
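
The values placed into the query in step 7 come straight from the registration form, so they should be validated before they reach the accounts.search query. The following is an added example, not code from the original post: a stricter variant of the query builder in which the function name, the sample inputs and the 5-20 alphanumeric ID format are assumptions to adapt.

```javascript
// Added example, not the original post's code.
// Assumption: identifiers are 5-20 ASCII letters/digits; adapt per ID scheme.
var ID_PATTERN = /^[A-Za-z0-9]{5,20}$/;

function isSupplied(v) { return v !== undefined && v !== null && v !== ""; }

// Returns { ok, clause, reason }. clause is URL-encoded, ready to append after "where ".
function buildDuplicateClause(data) {
  data = data || {};
  var candidates = [
    { field: "data.nationalID", value: data.nationalID },
    { field: "data.passport.number", value: data.passport ? data.passport.number : undefined }
  ];
  var chosen = null;
  for (var i = 0; i < candidates.length; i++) {
    var c = candidates[i];
    if (!isSupplied(c.value)) continue;
    // Reject rather than escape: anything that is not a plain identifier
    // (quotes, spaces, operators, non-strings) never reaches the query.
    if (typeof c.value !== "string" || !ID_PATTERN.test(c.value)) {
      return { ok: false, clause: null, reason: "invalid value for " + c.field };
    }
    if (chosen === null) chosen = c; // same precedence as the post: national ID first
  }
  if (chosen === null) return { ok: true, clause: null, reason: "no identifier supplied" };
  var clause = chosen.field + " = '" + chosen.value + "'";
  // encodeURIComponent leaves the single quote untouched, so encode it explicitly.
  return { ok: true, clause: encodeURIComponent(clause).replace(/'/g, "%27"), reason: null };
}

// Constructed inputs shaped like params.data in the decoded claim.
var SAMPLE_NATIONAL = { nationalID: "AB1234567" };
var SAMPLE_PASSPORT = { passport: { number: "P7654321", expiryDate: "2030-01-01" } };
var SAMPLE_TAMPERED = { nationalID: "AB123' or UID != '" };
```

When `ok` is false, the policy should return a FAIL status to SAP CDC instead of skipping the duplicate check.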

 

8) Create Service Callout Extension Policy to trigger API call to SAP CDC


A service callout function is configured to call the SAP CDC API for duplicate check based on the query parameters passed from the script function. The SAP CDC API returns the count of the customers for the query passed.
<!-- this policy lets you call to an external service from your API flow -->
<ServiceCallout async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
<!-- The request that gets sent from the API proxy flow to the external service -->
<Request/>
<!-- the variable into which the response from the external service should be stored -->
<Response>IDResponse</Response>
<!-- The time in milliseconds that the Service Callout policy will wait for a response from the target before exiting. Default value is 120000 ms -->
<Timeout>30000</Timeout>
<HTTPTargetConnection>
<!-- The URL to the service being called -->
<URL>https://accounts.eu1.gigya.com/accounts.search?apiKey=****&amp;userKey=****&amp;secret=*****&amp;query=select UID from accounts where {query}</URL>
<!-- The SSL reference to be used to access the https url -->

</HTTPTargetConnection>
</ServiceCallout>


9) Create JavaScript Policy to return the result to SAP CDC Screen sets


A script function is written in SAP API Management to capture the response from SAP CDC and check the count of customers. If the count is greater than 0, an error message is sent to the SAP CDC screen set.
// Helper: true when the search response lists at least one matching account.
function checkRecordExists(response) {
    if (response != null) {
        if (response.results && response.results.length > 0) {
            return true;
        }
    }
    return false;
}

// Response of the accounts.search callout from the previous step.
var response = context.getVariable("IDResponse.content");
var parseData = JSON.parse(response);
var count = parseData.totalCount;
var nationalID = context.getVariable("nationalID");
var passportNo = context.getVariable("passportNo");
var ret = {status : "OK"};
var fieldName = null;
var message = null;

if (count > 0) {
    // The query prefers the national ID when both values are present, so report the same field.
    if (nationalID) {
        fieldName = "data.nationalID";
        message = "Sorry, We are unable to process your request for registration as the user with same National ID already exists. Please contact Customer Care Center";
    } else if (passportNo) {
        fieldName = "data.passport.number";
        message = "Sorry, We are unable to process your request for registration as the user with same Passport Number already exists. Please contact Customer Care Center";
    }
    ret.status = "FAIL";
    ret.data = {
        validationErrors : [
            {
                fieldName: fieldName,
                message: message
            }
        ]
    };
}
context.setVariable("status", ret.status);
context.setVariable("idresp", JSON.stringify(ret));
context.setVariable("Count", count);
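
If the accounts.search callout fails or returns an error body, totalCount is missing and the step 9 script answers "OK", so the registration proceeds unchecked. The following is an added example, not code from the original post, of a decision function that blocks registration when the lookup result cannot be trusted; the function name, the messages, the sample replies and the choice to block on lookup failure are assumptions, and errorCode is the status field of the SAP CDC REST reply.

```javascript
// Added example, not the original post's code.
// Assumption: registration is blocked whenever the duplicate lookup cannot be trusted.
function buildExtensionResponse(rawSearchReply, fieldName, label) {
  var fail = function (message) {
    return {
      status: "FAIL",
      data: { validationErrors: [{ fieldName: fieldName, message: message }] }
    };
  };
  var reply;
  try {
    reply = JSON.parse(rawSearchReply);
  } catch (e) {
    reply = null; // empty or non-JSON body from the callout
  }
  // Without a successful reply and a numeric count a duplicate cannot be ruled out.
  if (!reply || reply.errorCode !== 0 || typeof reply.totalCount !== "number") {
    return fail("We could not verify your " + label + " right now. Please try again later.");
  }
  if (reply.totalCount > 0) {
    return fail("A user with the same " + label + " already exists.");
  }
  return { status: "OK" };
}

// Constructed sample replies (not captured from a real tenant).
var SAMPLE_DUPLICATE = '{"errorCode":0,"totalCount":1,"results":[{"UID":"constructed-uid"}]}';
var SAMPLE_UNIQUE = '{"errorCode":0,"totalCount":0,"results":[]}';
var SAMPLE_ERROR = '{"errorCode":999999,"errorMessage":"constructed error"}';
```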

 

 

Return response to SAP CDC


 


 

10) Create Assign Message Policy to return response to SAP CDC


Form the response body to pass it to the SAP CDC screen sets.
<!-- This policy can be used to create or modify the standard HTTP request and response messages -->
<AssignMessage async="false" continueOnError="false" enabled="true" xmlns='http://www.sap.com/apimgmt'>

<!-- Sets a new value to the existing parameter -->
<Set>
<Payload contentType="application/json; charset=utf-8" variablePrefix="@" variableSuffix="#">@idresp#</Payload>
<StatusCode>200</StatusCode>
<ReasonPhrase>Invalid ID</ReasonPhrase>
</Set>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<AssignTo createNew="false" type="response">response</AssignTo>
</AssignMessage>

 

 

Sample Screen Shot from SAP CDC Screen Set



 

References:


https://blogs.sap.com/2019/09/02/part-1-modeling-the-jwt-token-verification-flows-in-sap-cloud-platf...

https://help.sap.com/docs/SAP_CUSTOMER_DATA_CLOUD/8b8d6fffe113457094a17701f63e3d6a/4153ec2f70b21014b...

 

Summary:


Hope this blog helps in improving the data quality of customer profiles by executing duplicate checks during the customer registration process. We have leveraged SAP API Management for executing the business logic; similarly, other tools such as SAP CPI and other middleware could be used.

Please share your comments and thoughts in the comment section below.

 

Co-Authors: lokeshanandakumar.lakhondae , arulraj.athiseharanelam.bharathy.kuppusamy

 

Regards,

Vijay S B