
Currently using CAP and SAP Cloud SDK to retrieve a destination of OAuth2SAMLBearerAssertion type. We have done the relevant setup in BTP and S4HC found here: https://blogs.sap.com/2021/05/10/oauth2samlbearerassertion-flow-with-the-sap-btp-destination-service.-s-4hana-cloud./

We are currently using the following destination config: Destination Config

In our CAP application, we are trying to access the destination using:

```java
DestinationAccessor.getDestination(Constants.DEFAULT_S4_HANA_CLOUD);
```

However, we get the following error:

Failed to read authentication token. The destination service responded with an error: Retrieval of OAuthToken failed due to: Cannot determine user to propagate for OAuth2SAMLBearerAssertion destination. Either provide user_token JWT token (https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#user-token-grant) when retrieving the destination or configure it with SystemUser.

How can this be possible if I am able to get the token via the following?

```java
AuthToken currentToken = AuthTokenAccessor.getCurrentToken();
AuthToken xsuaaServiceToken = AuthTokenAccessor.getXsuaaServiceToken();
```

I have also tried to authenticate with the token passed i.e.

```java
AuthTokenAccessor.executeWithAuthToken(currentToken, () -> DestinationAccessor.getDestination(Constants.DEFAULT_S4_HANA_CLOUD));
```

Are we missing a crucial step in the process? Has anyone encountered this issue before?

How are we able to correctly pass the AuthToken to the destination?

Here is a snippet of my dependencies as requested: https://pastebin.com/iweEDfyN

Thanks in advance!

  • Could you please add further context information, such as: * Which SAP Cloud SDK version are you using? * Which CAP version are you using? * Are you using the `com.sap.cds:cds-integration-cloud-sdk` dependency? To answer all of these questions, simply attaching the output of `mvn dependency:tree` should be sufficient. – Johannes Schneider Aug 09 '22 at 13:52
  • Hi @JohannesSchneider. I've updated the question with the copy of this! Thanks! – ETayamenDel Aug 09 '22 at 14:41
  • Thanks for attaching the dependency tree. So far everything looks as expected (the integration dependency is slightly outdated, but that shouldn't cause any harm). Therefore, I'd like to ask whether you can decode the auth token you are getting via `AuthTokenAccessor.getCurrentToken()`. Is that really a valid user token? (i.e. not a technical token) – Johannes Schneider Aug 10 '22 at 07:19
  • Hi @JohannesSchneider, I have got past this error now and the solution is mentioned here: https://blogs.sap.com/2021/03/24/oauth2samlbearerassertion-flow-with-the-sap-btp-destination-service.-successfactors./comment-page-1/#comment-634599. I am able to access the Destination correctly now, but I am getting another error when I make a request: `java.lang.NoClassDefFoundError: com/google/gson/Gson`. I have tried to add it as a dependency but no luck. – ETayamenDel Aug 10 '22 at 14:32
  • Great to hear that you already found an answer! Would you mind posting a brief summary of the solution as an answer here on SO (with the link from where you got the answer from initially) so that others can also solve this problem in the future? Regarding the ClassNotFoundException: I think it would be best practice to open up a new question to get help (after searching the internet for a similar issue of course). If you feel like the SAP Cloud SDK is involved, don't hesitate to reach out to us again: [Get Support](https://sap.github.io/cloud-sdk/docs/overview/get-support) – Johannes Schneider Aug 11 '22 at 06:49
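
The check asked for in the comments above (is the current token a real user token or a technical one?) can be done locally by decoding the JWT payload. The Python script below is an added example, not part of the original thread or of the SAP Cloud SDK; the claim names (`grant_type`, `user_name`, `user_id`, `origin`) assume the usual XSUAA/UAA token layout, and both sample tokens are constructed.

```python
import base64
import json

# Claims an XSUAA token carries when it was issued for a logged-in end user
# (assumed token layout; adjust if your identity provider differs).
USER_CLAIMS = ("user_name", "user_id", "origin")


def decode_payload(jwt):
    """Return the JWT payload as a dict. The signature is NOT verified:
    this is for inspecting a token while debugging, never for authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def classify(jwt):
    """Return (kind, reasons): kind is 'user' or 'technical'; reasons explain
    why a token cannot serve as the user to propagate."""
    claims = decode_payload(jwt)
    reasons = []
    if claims.get("grant_type") == "client_credentials":
        reasons.append("grant_type is client_credentials")
    reasons += ["missing claim: " + c for c in USER_CLAIMS if not claims.get(c)]
    return ("technical" if reasons else "user", reasons)


def make_sample_token(claims):
    """Build an unsigned, constructed token so the script runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".constructed-signature"


# Constructed samples, not real tokens.
USER_TOKEN = make_sample_token({"grant_type": "authorization_code",
                                "user_name": "jane.doe@example.com",
                                "user_id": "1234", "origin": "sap.default"})
TECH_TOKEN = make_sample_token({"grant_type": "client_credentials",
                                "sub": "sb-demo-app!t1"})

if __name__ == "__main__":
    for label, token in (("user sample", USER_TOKEN), ("technical sample", TECH_TOKEN)):
        kind, reasons = classify(token)
        print(label, "->", kind, reasons)
```

Because the script runs locally, the token never has to be pasted into an online decoder.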

1 Answer

UPDATE: I found out that the issue was that we did not have /IWFND/SG_MED_CATALOG_0002 in our destination's scope list - which had some roles in it.