Create an OAuth2 access token from a SAML assertion failed

Former Member
0 Kudos

Hello,

I created an SAP HCP Trial account with an SAP JAM developer instance. Afterwards I configured my IDP and OAuth Client with the SAP Jam Developer Guide.

Now I am trying to get the OAuth2 access token from my SAP JAM instance via Postman. I use the following parameters:

POST /api/v1/auth/token HTTP/1.1

Host: developer.sapjam.com

Content-Type: application/x-www-form-urlencoded

Cache-Control: no-cache

Postman-Token: 1273946b-0d0d-526b-af91-2cfadfb9c3dd

client_id=bYsYJuK5ftGYC76chHXF&

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&

assertion=MIIDcj.....qSRlg%3D%3D

I get the error code 400 Bad Request with the message "error": "invalid_scope".

Can you help me with this problem?


Thanks a lot

Daniel

Accepted Solutions (0)

Answers (2)

Adam_Stone
Active Contributor
0 Kudos

Hi Daniel,

If you are using Hana Cloud Platform, I would suggest using code directly from there as it will allow you to utilize the Destination configuration and you don't have to create the assertion at all to authenticate. The following blog will help get you started:

Former Member
0 Kudos

Hi Adam,

Thanks for your reply. I want to integrate the SAP JAM features directly into an external .NET application via the OData API. Therefore it is not possible to use the Destination feature from the Hana Cloud Platform. At the moment, I am using the HANA Cloud Platform in order to get an SAP JAM developer instance. However, the final version should work without the HCP.

I hope you can help me with this problem.

Adam_Stone
Active Contributor
0 Kudos

Here is a previous thread that was answered and that looks to be the same error; you may want to compare to that:

JAM SAML/OAuth authentication | SCN

Here is an interesting blog by someone else that used Python to accomplish this and has provided all the code for it as well:

SAP Jam SAML Authentication Using Python | Company Blog | MTR Design

If you are still stuck after reviewing those, let me know.

Former Member
0 Kudos

Hello,

I have found a typing error in my grant-type parameter, but now I get the following error message:

"error": "invalid_grant", "error_description": "Invalid assertion: validation failed. Detail: SAML assertion failed validation."


You can find the decoded assertion in the appendix.
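
Added example, not code from this thread or from SAP: a local pre-flight check for the form-encoded `assertion` value before it is posted to the token endpoint, covering the general SAML 2.0 bearer requirements (signature present, validity window, audience, bearer recipient). Which of these the server behind `invalid_grant` actually enforces is an assumption; `preflight`, `parse_instant` and `SAMPLE_XML` are hypothetical names, and the signature itself is not verified. It also flags a value that decodes to DER rather than XML, which is what base64 text beginning `MII` is.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import unquote
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SAMPLE_XML = (  # constructed sample: unsigned, expired, no Audience, no Recipient
    '<saml:Assertion xmlns:saml="%s"><saml:Issuer>idp.example</saml:Issuer>'
    '<saml:Subject><saml:SubjectConfirmation Method="%s"/></saml:Subject>'
    '<saml:Conditions NotBefore="2016-01-01T00:00:00Z" '
    'NotOnOrAfter="2016-01-01T00:05:00Z"/></saml:Assertion>') % (NS["saml"], BEARER)

def parse_instant(value):  # SAML instants are UTC, e.g. 2016-01-01T00:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(assertion_param, now=None):
    """List problems in a form-encoded `assertion` value (no signature verification)."""
    now = now or datetime.now(timezone.utc)
    raw = unquote(assertion_param).replace("-", "+").replace("_", "/")
    try:  # accept base64 and base64url, with or without padding
        data = base64.b64decode(raw + "=" * (-len(raw) % 4))
    except ValueError:
        return ["value is not base64"]
    if data[:2] == b"\x30\x82":  # DER SEQUENCE, 2-byte length; base64 starts "MI"
        return ["decodes to DER (certificate or key), not a SAML assertion"]
    try:  # parse only assertions you generated yourself; ET is not hardened
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["decoded value is not well-formed XML"]
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["root element is not saml:Assertion"]
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("no ds:Signature")
    cond = root.find("saml:Conditions", NS)
    attrs = cond.attrib if cond is not None else {}
    if cond is None or cond.find("saml:AudienceRestriction/saml:Audience", NS) is None:
        problems.append("no saml:Conditions or Audience")
    if "NotBefore" in attrs and now < parse_instant(attrs["NotBefore"]):
        problems.append("not yet valid")
    if "NotOnOrAfter" in attrs and now >= parse_instant(attrs["NotOnOrAfter"]):
        problems.append("expired")
    data_nodes = [sc.find("saml:SubjectConfirmationData", NS)
                  for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS)
                  if sc.get("Method") == BEARER]
    if not any(d is not None and d.get("Recipient") for d in data_nodes):
        problems.append("no bearer SubjectConfirmationData with Recipient")
    return problems
```

An empty list means only that the structure and validity window look plausible; the server still verifies the signature against the IDP certificate registered for the OAuth client.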