Principal Propagation is not working in the latest version of SAP Cloud SDK

1
votes

It works in SAP Cloud SDK Version 3.7.0 to 3.10.0 but failed in the latest version from 3.11.0 to 3.13.0.

I have two applications deployed on SAP Cloud Platform. One is cloud java application based on SAP Cloud SDK using destination which is configured with Principal Propagation. The other is app router.

All related configuration of Principal Propagation are all finished in Cloud Connector and backend on-premise system. We also set up our own identity provider in SAP Cloud Platform.

Let me introduce what we want to achieve.

User login to cloud application using our own IDP from app router and then get some data from S4 on-premise system using the same user (different from the technical user in Basic authentication) configured in destination.

For more details please refer to https://blogs.sap.com/2017/07/13/part-2-how-to-use-the-sap-cloud-platform-connectivity-and-the-cloud-connector-in-the-cloud-foundry-environment/

What I did in java application to invoke billing document from S4 system.

public List<BillingDocument> getAllBillingdocuments() throws BusinessException {

        ResilienceConfiguration resilienceConfig = ResilienceConfiguration.of(MyBillingDocumentService.class)
                                                                                 .cacheConfiguration(CacheConfiguration.of(Duration.ofSeconds(10))
                                                                                 .withoutParameters());  // Cache key

        List<BillingDocument> billingDocuments;
        try {
            billingDocuments = ResilienceDecorator.executeCallable(() -> bdService.getAllBillingDocument()
                                                                                  .execute(DestinationUtil.getHttpDestinationS4XSSO()),
                                                                                       resilienceConfig);
        } catch (Exception e) {
            e.printStackTrace();
            throw BusinessException.convert(e);
        }
        return billingDocuments;
    }

I will leave out the configuration of app router. I promise it is correct.

The problem is user can login to cloud java application via app router using our own IDP, but when he/she wanted to get data from S4 on-premise system by the below url, the error always occurred.

https://****.cfapps.***.hana.ondemand.com/test311/billingdocument

The detailed error log from java application:

2020-02-17T06:01:22.948+0000 [APP/PROC/WEB/0] OUT { "written_at":"2020-02-17T06:01:22.945Z","written_ts":277856327935563,"tenant_id":"-","component_type":"application","component_id":"***","space_name":"***","component_name":"TestVer3.11_service","component_instance":"0","organization_id":"-","correlation_id":"-","organization_name":"-","space_id":"240338f7-479a-402f-bb31-f3aaf5c90406","container_id":"10.0.137.28","type":"log","logger":"com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache","thread":"cloudsdk-resilience-0","level":"ERROR","categories":[],"msg":"Error occurred while populating metadata: ","stacktrace":["com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler$ErpODataException: The endpoint responded with HTTP error code 401.nnFull error message: nSSO token validation failed. Make sure trust is configured correctly in the cloud connector to enable principal propagation, if token has not expired yet.","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createException(ODataVdmErrorResultHandler.java:117)","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:97)","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:33)","tat com.sap.cloud.sdk.odatav2.connectivity.internal.ODataConnectivityUtil.checkHttpStatus(ODataConnectivityUtil.java:219)","tat com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:239)","tat com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:156)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.loadMetadata(ODataQuery.java:379)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.loadEntriesFromDestination(ODataQuery.java:310)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.internalExecute(ODataQuery.java:253)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:151)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:135)","tat com.sap.cloud.sdk.datamodel.odata.helper.FluentHelperRead.execute(FluentHelperRead.java:250)","tat com.bosch.test.service.MyBillingDocumentService.lambda$getAllBillingdocuments$0(MyBillingDocumentService.java:55)","tat com.sap.cloud.sdk.cloudplatform.thread.ThreadContextCallable.call(ThreadContextCallable.java:247)","tat com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:293)","tat com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$1(Resilience4jDecorationStrategy.java:107)","tat java.util.concurrent.FutureTask.run(FutureTask.java:266)","tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)","tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)","tat java.lang.Thread.run(Thread.java:836)"] }
2020-02-17T06:01:23.168+0000 [APP/PROC/WEB/0] OUT { "written_at":"2020-02-17T06:01:23.167Z","written_ts":277856550010598,"tenant_id":"-","component_type":"application","component_id":"***","space_name":"***","component_name":"TestVer3.11_service","component_instance":"0","organization_id":"-","correlation_id":"-","organization_name":"-","space_id":"240338f7-479a-402f-bb31-f3aaf5c90406","container_id":"10.0.137.28","type":"log","logger":"com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache","thread":"cloudsdk-resilience-0","level":"ERROR","categories":[],"msg":"Error occurred while populating metadata: ","stacktrace":["com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler$ErpODataException: The endpoint responded with HTTP error code 401.nnFull error message: nSSO token validation failed. Make sure trust is configured correctly in the cloud connector to enable principal propagation, if token has not expired yet.","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createException(ODataVdmErrorResultHandler.java:117)","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:97)","tat com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:33)","tat com.sap.cloud.sdk.odatav2.connectivity.internal.ODataConnectivityUtil.checkHttpStatus(ODataConnectivityUtil.java:219)","tat com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:239)","tat com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:156)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.loadMetadata(ODataQuery.java:379)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.loadEntriesFromDestination(ODataQuery.java:310)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.internalExecute(ODataQuery.java:253)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.retryExecuteWithCompleteUrl(ODataQuery.java:172)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:157)","tat com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:135)","tat com.sap.cloud.sdk.datamodel.odata.helper.FluentHelperRead.execute(FluentHelperRead.java:250)","tat com.bosch.test.service.MyBillingDocumentService.lambda$getAllBillingdocuments$0(MyBillingDocumentService.java:55)","tat com.sap.cloud.sdk.cloudplatform.thread.ThreadContextCallable.call(ThreadContextCallable.java:247)","tat com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:293)","tat com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$1(Resilience4jDecorationStrategy.java:107)","tat java.util.concurrent.FutureTask.run(FutureTask.java:266)","tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)","tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)","tat java.lang.Thread.run(Thread.java:836)"] }
2020-02-17T06:01:23.171+0000 [APP/PROC/WEB/0] ERR com.sap.cloud.sdk.cloudplatform.resilience.ResilienceRuntimeException: com.sap.cloud.sdk.cloudplatform.resilience.ResilienceRuntimeException: com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: com.sap.cloud.sdk.odatav2.connectivity.ODataException: Unable to fetch the metadata : Failed to execute OData Metadata request.
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$null$2(Resilience4jDecorationStrategy.java:123)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at io.vavr.control.Try.onFailure(Try.java:659)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$3(Resilience4jDecorationStrategy.java:122)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.resilience.ResilienceDecorationStrategy.executeCallable(ResilienceDecorationStrategy.java:184)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.resilience.ResilienceDecorator.executeCallable(ResilienceDecorator.java:197)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.bosch.test.service.MyBillingDocumentService.getAllBillingdocuments(MyBillingDocumentService.java:54)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at com.bosch.test.controllers.MyBillingDocumentController.getAllBillingDocuments(MyBillingDocumentController.java:32)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at java.lang.reflect.Method.invoke(Method.java:498)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:888)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
2020-02-17T06:01:23.172+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.servlet.RequestAccessorFilter.lambda$doFilter$1(RequestAccessorFilter.java:71)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.lambda$execute$0(AbstractThreadContextExecutor.java:317)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.ThreadContextCallable.call(ThreadContextCallable.java:247)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:319)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.servlet.RequestAccessorFilter.doFilter(RequestAccessorFilter.java:71)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.173+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:180)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
2020-02-17T06:01:23.174+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
2020-02-17T06:01:23.175+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1579)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at java.lang.Thread.run(Thread.java:836)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.resilience.ResilienceRuntimeException: com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: com.sap.cloud.sdk.odatav2.connectivity.ODataException: Unable to fetch the metadata : Failed to execute OData Metadata request.
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.frameworks.resilience4j.DefaultCachingDecorator.lambda$decorateCallable$0(DefaultCachingDecorator.java:124)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at io.vavr.control.Try.of(Try.java:75)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at io.vavr.control.Try.ofCallable(Try.java:105)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$3(Resilience4jDecorationStrategy.java:118)
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR   ... 95 more
2020-02-17T06:01:23.176+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: com.sap.cloud.sdk.odatav2.connectivity.ODataException: Unable to fetch the metadata : Failed to execute OData Metadata request.
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:299)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy.lambda$decorateCallable$1(Resilience4jDecorationStrategy.java:107)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   ... 1 more
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.odatav2.connectivity.ODataException: Unable to fetch the metadata : Failed to execute OData Metadata request.
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.loadEntriesFromDestination(ODataQuery.java:312)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.internalExecute(ODataQuery.java:253)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.retryExecuteWithCompleteUrl(ODataQuery.java:172)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:157)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.ODataQuery.execute(ODataQuery.java:135)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.datamodel.odata.helper.FluentHelperRead.execute(FluentHelperRead.java:250)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.bosch.test.service.MyBillingDocumentService.lambda$getAllBillingdocuments$0(MyBillingDocumentService.java:55)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.ThreadContextCallable.call(ThreadContextCallable.java:247)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.cloudplatform.thread.AbstractThreadContextExecutor.execute(AbstractThreadContextExecutor.java:293)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   ... 5 more
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler$ErpODataException: The endpoint responded with HTTP error code 401.
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR Full error message: 
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR SSO token validation failed. Make sure trust is configured correctly in the cloud connector to enable principal propagation, if token has not expired yet.
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createException(ODataVdmErrorResultHandler.java:117)
2020-02-17T06:01:23.177+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:97)
2020-02-17T06:01:23.178+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.datamodel.odata.helper.ODataVdmErrorResultHandler.createError(ODataVdmErrorResultHandler.java:33)
2020-02-17T06:01:23.178+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.internal.ODataConnectivityUtil.checkHttpStatus(ODataConnectivityUtil.java:219)
2020-02-17T06:01:23.178+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:239)
2020-02-17T06:01:23.178+0000 [APP/PROC/WEB/0] ERR   at com.sap.cloud.sdk.odatav2.connectivity.cache.metadata.GuavaMetadataCache.getEdm(GuavaMetadataCache.java:156)

Set default PrincipalPropagationStrategy

public static HttpDestination getHttpDestinationS4XSSO() {
        PrincipalPropagationStrategy.setDefaultStrategy(PrincipalPropagationStrategy.COMPATIBILITY);
        Destination destination = DestinationAccessor.getDestination("S4X_HTTP_SSO");
        return destination.asHttp().decorate(DefaultErpHttpDestination::new);
    }
2
sap-cloud-platformsap-cloud-sdk
First idea: Reconnect the Cloud Connector with the subaccount.Emdee
Thank you. But it always works for previous version. It might not be the reason.Jerry Zhang
I understand what you're saying, but have you tried reconnecting Cloud Connector and the subaccount?Emdee
I tested again as you suggested. But I still got the same error. I used the same project(same code) to check between 3.7.0 and 3.13.0. It always works with 3.7.0 but not with 3.13.0.Jerry Zhang
Then pls share the Cloud Connector log with us.Emdee

2 Answers

3
votes

Update:

We fixed the reported issue with SAP Cloud SDK 3.16.1

If possible please update the dependencies accordingly.

Original answer:

The SAP Cloud SDK has adopted the recommended option to implement user propagation, see SAP Cloud Platform Connectivity: Configure Principal Propagation via User Exchange Token

However, if the recommended option is not working for you, then a switch to the old practice is possible: the compatibility option. Just invoke the following method once in your application code:

import com.sap.cloud.sdk.cloudplatform.connectivity.PrincipalPropagationStrategy;

PrincipalPropagationStrategy.setDefaultStrategy(PrincipalPropagationStrategy.COMPATIBILITY);

This will effectively revert the changes, that you are experiencing between version 3.10.0 and 3.11.0.

We have found a potential issue with our implementation from 3.11.0 and onward. Until this is fixed, please try the following quick workaround for resolving a HttpDestination. In the meantime we are working on a fix for the next version to come:

private HttpDestination getHttpDestination( final String destinationName ) {
  Destination destination = DestinationAccessor.tryGetDestination(destinationName).get();

  String url = destination.get("URL", String.class).getOrNull();
  ScpCfHttpDestination.Builder builder = ScpCfHttpDestination.builder(destinationName, url);

  // set properties
  for( String propertyName : destination.getPropertyNames() ) {
    builder.property(propertyName, destination.get(propertyName).getOrNull());
  }

  // add missing token (a workaround as of Cloud SDK 3.11, until fixed)
  String authToken = AuthTokenAccessor.getCurrentToken().getJwt().getToken();
  builder.header("SAP-Connectivity-Authentication", "Bearer " + authToken);

  // decorate optional S/4 destination properties, e.g. sap-client
  return builder.build().decorate(DefaultErpHttpDestination::new);
}
0
votes

The error message SSO token validation failed. Make sure trust is configured correctly in the cloud connector to enable principal propagation, if token has not expired yet. indicates an outdated/wrong/lacking trust configuration between the Cloud Connector and Cloud Foundry.

Kindly reconsider the trust configuration as per its official documentation, conduct the steps below headline 'Configure Trusted Entities in the Cloud Connector' in particular