This is not an issue, just additional information for those who are trying to achieve the SAML OAuth flow with Azure AD. OData Service HTTP handler #45

@devanshuGit

Even after following all the explanation in this repo https://github.com/azuredevcollege/SAP/blob/master/sap-oauth-saml-flow/README.md, which is beautiful and detailed, there is one thing that got me stuck: the Postman call to the OData service was failing to retrieve data and was sending us back to login (in our case to the Azure AD login, as SSO is enabled). In layman's terms, it was ignoring the Authorization header with the OAuth (bearer) token value.

We followed the setup step by step, as follows:

  1. Azure AD and SAP SSO setup - Azure AD SSO config with SAP NetWeaver
  2. Azure AD configuration - register applications (Frontend App, Enterprise App), export SAML metadata for trust configuration in SAP
  3. SAP NetWeaver configuration - generate user, set up federation and trust between SAP NetWeaver and Azure AD, set up OData service, configure OAuth client, configure scopes

While testing the Postman queries at the last step, we were getting the following error:
image

Later, when we opened a ticket with SAP, we got to know some configurations because of which it was not accepting the OAuth token (it is not enabled by default in SAP):
When creating a new OData service, the default HTTP handler is different and it can't handle OAuth authorization.
It has to be replaced in the ICF node with this one: /IWFND/CL_SODATA_HTTP_HNDL_OAT.
And execute the report /IWFND/R_OAUTH_SCOPES to create an OAuth scope for your service.

Also, in the OAuth client registered for on-behalf-of authentication, please tick the check-box for SSL certificate:
image
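The symptom described in this issue (a Bearer token that is silently ignored and answered with a redirect to the SSO logon page) is easy to confuse with a token that reached the OAuth handler and was rejected. The following diagnostic script is an added example and is not code from the azuredevcollege/SAP repo or from SAP: it sends one GET with the Bearer token without following redirects, then classifies the raw response and maps each verdict to the remediation mentioned above. The `LOGIN_MARKERS` heuristics, the `HttpResponse` helper and the constructed sample responses are assumptions for illustration, not values from the page; the remediation strings repeat what the issue text says.

```python
"""Classify an OData service's response to a Bearer-authenticated request.

Added example (not from the azuredevcollege/SAP repo). It distinguishes the
'token ignored' symptom from a rejected token and from a working call.
"""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""

    def header(self, name: str) -> str:
        """Case-insensitive header lookup; empty string when absent."""
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return ""


# Heuristic markers of an SSO/SAML logon page (assumption, not from SAP docs).
LOGIN_MARKERS = ("saml", "sso", "login", "logon", "microsoftonline")

# Remediation hints per verdict, taken from the issue text above.
HINTS = {
    "token_ignored": "HTTP handler does not process OAuth: replace it in the ICF "
                     "node with /IWFND/CL_SODATA_HTTP_HNDL_OAT.",
    "token_rejected": "Token reached the OAuth handler but was refused: run "
                      "/IWFND/R_OAUTH_SCOPES to create the scope and re-check the "
                      "OAuth client (SSL certificate check-box).",
    "ok": "Bearer token accepted; OData payload returned.",
    "other": "Unexpected response; inspect status and body manually.",
}


def classify_bearer_response(resp: HttpResponse) -> str:
    """Map a response to one of: token_ignored, token_rejected, ok, other."""
    location = resp.header("Location").lower()
    challenge = resp.header("WWW-Authenticate").lower()
    ctype = resp.header("Content-Type").lower()
    body = resp.body.lower()
    # Redirect to a logon page: the handler never evaluated the Bearer header.
    if resp.status in (301, 302, 303, 307, 308) and any(m in location for m in LOGIN_MARKERS):
        return "token_ignored"
    # Logon page served inline instead of a redirect: same verdict.
    if resp.status == 200 and "text/html" in ctype and any(m in body for m in LOGIN_MARKERS):
        return "token_ignored"
    # A Bearer challenge means an OAuth-aware handler saw the token and refused it.
    if resp.status == 401 and "bearer" in challenge:
        return "token_rejected"
    # A non-Bearer challenge (e.g. Basic) means the token was not processed at all.
    if resp.status == 401:
        return "token_ignored"
    if resp.status == 200 and ("json" in ctype or "xml" in ctype):
        return "ok"
    return "other"


def probe_odata(url: str, token: str, timeout: float = 10.0) -> HttpResponse:
    """GET the service once with the Bearer token; never follow redirects."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # turn the redirect into an HTTPError we can inspect

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
    try:
        with opener.open(req, timeout=timeout) as r:
            return HttpResponse(r.status, dict(r.headers.items()),
                                r.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return HttpResponse(e.code, dict(e.headers.items()),
                            e.read(4096).decode("utf-8", "replace"))


# Constructed sample responses (not captured from a real system).
SAMPLES = {
    "redirect_to_sso": HttpResponse(302, {"Location": "https://login.microsoftonline.com/...."}),
    "basic_challenge": HttpResponse(401, {"WWW-Authenticate": 'Basic realm="SAP NetWeaver"'}),
    "bearer_refused": HttpResponse(401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}),
    "payload": HttpResponse(200, {"Content-Type": "application/json"}, '{"d":{"results":[]}}'),
}


def main() -> None:
    if len(sys.argv) == 3:  # usage: script.py <service-url> <access-token>
        resp = probe_odata(sys.argv[1], sys.argv[2])
        verdict = classify_bearer_response(resp)
        print(f"{resp.status} -> {verdict}: {HINTS[verdict]}")
        return
    for name, resp in SAMPLES.items():  # offline demo on constructed samples
        verdict = classify_bearer_response(resp)
        print(f"{name:16} {resp.status} -> {verdict}: {HINTS[verdict]}")


if __name__ == "__main__":
    main()
```

Run it with the service URL and a freshly obtained access token to get a verdict for a live system, or with no arguments to see the four constructed cases. A `token_ignored` verdict points at the ICF handler and SSO configuration rather than at the token itself, which is exactly the distinction that was missing when the Postman call kept bouncing to the Azure AD login.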
