Troubleshoot Authentication Issues in Http Receiver adapter

In this blog, we will explain how to do basic troubleshooting for different authentication types supported in the HTTP Receiver adapter.

HTTP 4XX Error

If you get an HTTP 4XX error then this is an indication that the target system has rejected the request because either you have sent invalid credentials or the credentials don’t have the required authorization or you have not sent the credentials.

Basic Authentication

Troubleshooting.
  • Redeploy credentials in CPI. Log into your tenant go to Overview -> Manage Security -> Select the alias name and click on the Edit button on the right. reenter the username and password and click on Deploy.
  • Retrigger the flow and see if the connection is successful.
  • If you still get an HTTP 401 error then open a Rest client like Postman and make the call to the target system using the same credentials that you have used in CPI. If the call from Postman also fails then the issue is with the credentials that are being used.
  • If the call from the Postman client is successful then enable the Integration Flow in CPI in Trace mode and re-trigger the Integration Flow. After the Integration Flow execution open the Trace mode and select the HTTP Receiver adapter that is failing and check the Header section to see if Authorization Header is available.
  • If the header is not available then check the HTTP Receiver adapter to see if the Authentication Type is selected is None.
  • If None is selected HTTP Receiver will not add the Authentication Header.
  • If the Authorization Header is visible in the Trace then this needs to be further analyzed and can be moved to the SAP CPI  team.

OAuth Client Credential Authentication

Troubleshooting
  • Redeploy credentials in CPI. Log in to your tenant go to Overview -> Manage Security -> Select the alias name and click on the Edit button on the right. reenter the Oauth Token Url, Client Id, and Client Secret, Enter Scope if that is required but not mandatory. Click on Deploy.
  • Retrigger the flow and see if the connection is successful.
  • If you still get an HTTP 401 or any other error, then open a Rest client like Postman and make the call to the OAuth URL using the same credentials that you have used in CPI.
Make a call to the OAuth endpoint from Postman
  • In Postman, go to Authorization and select OAuth 2.0 as Type
  • Press the button Get new Access Token.

  • Enter any name for <Token Name>.
  • In <Access Token URL> enter the Token Endpoint URL you have copied before.
  • In <Client ID> enter the ID.
  • In <Client Secret> enter Client Secret.
  • Press the button Get New Access Token.
  • If the call from Postman also fails then the issue is with the credentials that are being used.
  • If the call from the Postman client is successful then copy the Request Headers from the postman.  do the following to get the Request Headers, after the token fetch call in postman, you can verify the headers by going to Console -> select the last Post call and select Request Headers. copy these Request Headers in a notepad.
  • Enable the Integration Flow in CPI in Trace mode and re-trigger the Integration Flow. After the Integration Flow execution open the Trace mode and select the HTTP Receiver adapter that is failing and check the Header section to see if the Authorization header is available with value Bearer ****. 
  • If the value is not Bearer then it is the indication that the credential alias name provided in the HTTP Receiver adapter is not of type Client Credentials. Inform the user to select the credential alias of type Client Credentials.
  • If the Authorization header is available with value Bearer **** then do the following.
  • In the Trace, mode check if there is a response body from the OAuth endpoint that explains the reason why the Oauth Token is rejecting the request.
  • Based on the HTTP response body you have to troubleshoot accordingly.
  • Each target Oauth Server is different and we can’t provide a generic troubleshooting guide.
  • If you can’t proceed further even after checking the HTTP Response body from the OAuth Server in the Trace mode in CPI then move the incident to SAP CPI team by attaching the following
    1. Request Headers copied from Postman Client    2. HTTP Response Body of the Oauth endpoint from the Trace