on 07-11-2023 8:45 AM
Hello Everyone
I'm trying to use the "Integration Content" API, which is the API of your CPI, where e.g. you can read and write data about your deployed artifacts.
My goal is to read all deployed artifacts and then check the configurations of all Flows, checking whether the iFlow is using a credential (Alias) from the security material or not. Basically, I want to create an iFlow that gives me more monitoring capabilities on used credentials.
So far I've managed to set up the needed API calls and authentication in Postman and it works. But I can't seem to find a way to use that (see pictures below) type of authentication on the CPI.
Since I have to use a servicekey with a certificate, we don't have our typical OAuth credentials with clientid and clientsecret but clientid, certificate and key. So our servicekey would look something like this:
```json
{
  "oauth": {
    "createdate": "123",
    "clientid": "123",
    "url": "123",
    "certificate": "-----BEGIN CERTIFICATE-----123-----END CERTIFICATE-----",
    "key": "-----BEGIN RSA PRIVATE KEY-----123-----END RSA PRIVATE KEY-----",
    "tokenurl": "123",
    "certificatedetails": {
      "issuerdn": "123",
      "subjectdn": "123",
      "validuntil": "123",
      "serialnumber": "123"
    }
  }
}
```
The CPI also won't let you store OAuth 2.0 credentials like these, because we don't have a clientsecret, which is a mandatory field.
You may ask yourself why I'm not using a servicekey where I have the OAuth credentials with clientid and clientsecret. Well, I get a "403: Forbidden" when I try to read the configurations of deployed artifacts. To clarify, yes, I did indeed use the same serviceinstance, so I had the same parameters for both servicekeys. If you're wondering which parameters I'm currently using in the instance:
```json
{
  "grant-types": [
    "client_credentials"
  ],
  "redirect-uris": [],
  "roles": [
    "MessagePayloadsRead",
    "MonitoringDataRead",
    "MessageProcessingLocksRead",
    "AccessAllAccessPoliciesArtifacts",
    "AccessPoliciesRead",
    "AuthGroup_ReadOnly",
    "CatalogPackageArtifactsRead",
    "CatalogPackagesRead",
    "DataArchivingRead",
    "DataStorePayloadsRead",
    "DataStoresAndQueuesRead",
    "HealthCheckMonitoringDataRead",
    "SecurityMaterialDownload",
    "TraceConfigurationRead",
    "WorkspaceArtifactLocksRead",
    "WorkspacePackagesRead"
  ]
}
```
Hi gregor_schuetz
Please see my response to this question here: https://blogs.sap.com/2022/05/29/step-by-step-guide-to-set-up-inbound-client-certificate-authenticat...
With service key/secret it should be achievable. I suspect that the roles were not sufficient and hence you were getting a 403. However, even using a certificate and client id you do have to define the role that service key has access to. You may just want to recheck the roles you gave to the service key.
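The certificate-based token request the question describes (clientid, certificate and key, no clientsecret), as an added example that is not part of the original thread or SAP's own code. It assumes `tokenurl` is the full token endpoint and that it accepts the client_credentials grant with the service key's certificate presented over mutual TLS; all function names are hypothetical.

```python
import json
import os
import ssl
import tempfile
import urllib.parse
import urllib.request

REQUIRED = ("clientid", "certificate", "key", "tokenurl")


def load_oauth(service_key_json: str) -> dict:
    """Return the "oauth" section of a service key after basic sanity checks."""
    oauth = json.loads(service_key_json).get("oauth", {})
    missing = [name for name in REQUIRED if not oauth.get(name)]
    if missing:
        raise ValueError("service key lacks: " + ", ".join(missing))
    if not oauth["tokenurl"].lower().startswith("https://"):
        raise ValueError("tokenurl must be https")
    return oauth


def build_token_request(oauth: dict) -> urllib.request.Request:
    """client_credentials request without a secret; the TLS client cert authenticates."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "client_id": oauth["clientid"]}
    ).encode()
    return urllib.request.Request(
        oauth["tokenurl"], data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def mtls_context(oauth: dict) -> ssl.SSLContext:
    """TLS context presenting the service key's certificate; the key file is short-lived."""
    ctx = ssl.create_default_context()  # keeps server certificate verification on
    fd, path = tempfile.mkstemp(suffix=".pem")  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(oauth["key"].strip() + "\n" + oauth["certificate"].strip() + "\n")
        ctx.load_cert_chain(path)  # private key first, then the certificate
    finally:
        os.remove(path)  # the private key never stays on disk
    return ctx


def fetch_token(service_key_json: str) -> str:
    """Assumption: the endpoint answers with a JSON body containing "access_token"."""
    oauth = load_oauth(service_key_json)
    request = build_token_request(oauth)
    with urllib.request.urlopen(request, context=mtls_context(oauth), timeout=30) as resp:
        return json.load(resp)["access_token"]
```

The returned token is sent as `Authorization: Bearer <token>` on the API calls; a 403 at that point relates to the roles on the service instance, not to the certificate exchange.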