Technology Blogs by SAP
vamsikrishna_chintharlapa
Product and Topic Expert


Step By Step PI\PO Mail Adapter OAuth 2.0 Configuration with Office365

    1. Prerequisites
    2. Azure Side settings
    3. PI\PO Mail Adapter side settings



The current PI Mail adapter supports only Basic Authentication with Microsoft Exchange Online. From October 2020 onwards, Microsoft has decided to end support for Basic Authentication and support only OAuth 2.0 authentication. For more details, refer to the link below (published in September 2019):

https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to...

Recently, Microsoft has decided to postpone disabling Basic Authentication in Exchange Online for those customers still actively using it until the second half of 2021. In the meantime, Microsoft will continue to disable Basic Authentication for newly created tenants by default.  Starting in October 2020 they will also start to disable Basic Authentication in tenants that have no recorded usage. This means that applications that are using Basic Authentication to connect to Exchange Online might face authentication failures when adopted by a customer who is new to Exchange Online or has not used Basic Authentication applications before.

For more details, refer to the link below (published in April 2020):

https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentica...

 

1. Prerequisites

Microsoft Azure:

    1. If you want to connect PI\PO to Office 365 with OAuth 2.0, you need a directory/tenant in Microsoft Azure Active Directory.
    2. You need a user that has the required permissions and subscription in Azure Active Directory (such as the Administrator or Developer role).
    3. You need a user with a subscription to access the “Mail Account” in Office365. Please check whether the mail flow (outgoing \ incoming) is working.



SAP NetWeaver PI\PO:

    1. You need the SAP PI\PO system, with the Developer or Admin role assigned to the PI user. With the Admin role you can make all the necessary configurations without any issue.
    2. This feature is available from 7.50 SP17 onwards. In this blog I refer to SP21, because caching of the refresh and access tokens is enabled from SP21 onwards.
    3. As Office365 is in the cloud, check with your network team whether port 993 (sender side) / 587 (receiver side) is open. If it is not open, the Mail adapter cannot connect.



2. Azure Side settings:

    1. App Registration
    2. Client Secret
    3. API Permissions
    4. Redirect URL & Copy Endpoint



 

Note: Depending on organisational limits, you may not have access to Azure \ Office365. In this case you can ask your Exchange Administrator to set up the configurations below.

You need the following parameters to configure OAuth with the PI\PO Mail Adapter:

    • OAuth User (Office365 user)
    • Client ID
    • Tenant ID
    • Client Secret



 

1) App Registration

a) Open the Microsoft Azure link: https://portal.azure.com/#home

b) Select App registrations (or go via Manage Azure Active Directory -> View -> Manage (on the left) -> App registrations).

c) Once you open App registrations, you can create new registrations or see existing ones.

d) Now you can register an application on this page depending on your account type. In my case I am using a single tenant. Next -> click on Register.

e) Once you register, you can verify it by checking under Owned applications for the registered app.

f) Click on your registered application and note the parameters below, which are needed in the later steps:

Application (client) ID   : XXXXXXXXXXXXXXXXXXXXXXX

Object ID                      : XXXXXXXXXXXXXXXXXXXXXXX

Directory (tenant) ID    : XXXXXXXXXXXXXXXXXXXXXXX


 

2) Client Secret

a) This client secret is needed for OAuth 2.0 authentication (it is also configured in the mail adapter communication channels). For this you need to create a new client secret in your app.

b) Open your application -> click on “Certificates & Secrets” (on the left) -> click on “New Client Secret”.

c) Once you provide all the required details, the client secret will be created successfully.

Note: The client secret is only visible at the time of creation. Copy it and save it in a secure area. It will be required while configuring the mail channels.

 

3) API Permissions

a) You need to grant API permissions to authorise the PI application to access Azure.

b) Open the App registration -> click on “API Permission” (on the left) -> click on “Add a Permission” -> Microsoft APIs -> select Microsoft Graph.

c) Depending on the business requirement, you can select the required API permissions. In my case study, as it is a test system, I have selected the below permissions:

 


 


 

4) Redirect URL & Copy Endpoint

a) In the first step, the generated authorization code is sent back to the PI application via the Redirect URL. Hence we have to define the required redirect URI in Azure. This redirect URI is used internally for PI processing.

b) Open the application -> click on Redirect URLs in Essentials -> under “Web” you can add the required redirect URL by clicking on “Add URI”.

c) Contact your PI/PO developer or consultant while defining the redirect URI in Azure Directory. It should be in line with the mail adapter channel configuration.

d) Use the channel configuration to fill in all the details (like Party, Service and Channel) to create a redirect URI in the Azure Portal. Here is the format for your reference:

“https://<host>:<https-port>/XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Business Component\Communication Component>”

 




3321222 - New Servlet for token generation in PI Mail adapter

From SP28 onwards, the URL has changed to the following as a result of code changes. Older SPs do not need to implement these changes. The new URL is:

“http://<host>:<port>/XIMAILAdapter/MailOAuthServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”




 

 

e) Once you have completed all the above settings, copy the endpoint details as mentioned below:

Share the details below with your PI\PO developer or consultant:

    • OAuth User (Office365 user)
    • Client ID
    • Tenant ID
    • Client Secret
    • Endpoint URLs



 

 

 

 

3. PI\PO Mail Adapter side settings

    1. Sender Side Configuration
    2. Receiver Side Configuration
    3. Integrated Configuration (ICO): create the ICO once the sender\receiver is configured. The refresh token will not be generated without an ICO.

The PI\PO Mail Adapter supports OAuth 2.0 based authentication (with Office365) on both the sender and the receiver side.

Sender side: use IMAPS / 993 (port) in the URL.

Receiver side: use SMTPS / 587 (port) in the URL.

 

1) Sender Channel configuration

As mentioned earlier, you need the parameters below to configure the mail sender adapter communication channel:

    1. URL
    2. OAuth User (Office365 user)
    3. Client ID
    4. Tenant ID
    5. Client Secret

Follow the steps below while configuring the mail sender channel:

a) Configure the sender channel as given below:

b) Once you save and activate the channel, create the Redirect URL as per the below format:

“http://<host>:<port>/XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”




3321222 - New Servlet for token generation in PI Mail adapter

From SP28 onwards, the URL has changed to the following as a result of code changes. Older SPs do not need to implement these changes. The new URL is:

“http://<host>:<port>/XIMAILAdapter/MailOAuthServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Service-Name>”

3404237 - Addition of Microsoft Graph as an underlying API in mail adapter with OAuth.

From SP24 onwards, the option to use the javax mail API or the Microsoft Graph API is available at the channel level. Set the advanced parameter "IMail.useGraphAPI" to true to make the channel use the Microsoft Graph API for connecting and processing mails. By default the value of the parameter is false, and hence the javax mail API is used. The refresh token has to be generated again after setting the parameter to true, with the scope in the refresh token URL changed to "https://graph.microsoft.com/.default".
 

Provide this redirect URL to the Azure administrator to use while adding the Redirect URI (please refer to: 2. Azure Side settings -> 4) Redirect URL & Copy Endpoint).

You have to URL-encode the Redirect URI; otherwise you will face the "URL specified request does not match" error while generating the refresh token.

c) Once the Redirect URI is updated in the Azure portal, proceed to generate the tokens (refresh/access) with the URL below:

https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>

Required scope for the sender side: “https://outlook.office365.com/IMAP.AccessAsUser.All”

d) Once you execute the above URL, check the result in the browser itself.


 

Note: These tokens are generated with the help of the authorization code, which is generated in the background while executing the above URL. After successful generation, the tokens are stored in the cache. While executing the URL, you will be required to provide the login details for Azure (first) and PI/PO (next).

 

 

2) Receiver Side Configuration

Follow the same steps as for the sender side configuration, and use the SMTP protocol to send mails to Office365 via OAuth 2.0 authentication.

Required scope for the receiver side: https://outlook.office365.com/SMTP.Send
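
The redirect URI and authorize URL steps above, as an added example (not code from the original post or from SAP): it builds the per-channel redirect URI, percent-encodes it into the authorize URL, and shows how a standard query-string parser splits an unencoded redirect URI so that it no longer matches the value registered in Azure. The host, channel and service names, the TENANT/CLIENT placeholders and the function names are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

# Scopes quoted in the post.
SCOPES = {
    "sender": "https://outlook.office365.com/IMAP.AccessAsUser.All",
    "receiver": "https://outlook.office365.com/SMTP.Send",
    "graph": "https://graph.microsoft.com/.default",  # with IMail.useGraphAPI = true
}

# Servlet paths quoted in the post: the original one and the SP28+ one (3321222).
SERVLETS = {
    "pre-SP28": "/XISOAPAdapter/MessageServlet",
    "SP28+": "/XIMAILAdapter/MailOAuthServlet",
}


def redirect_uri(base, channel, party, service, servlet="pre-SP28"):
    """Redirect URI for one channel; this exact string is what gets registered."""
    query = urlencode({"channel": channel, "party": party, "service": service},
                      quote_via=quote)
    return f"{base.rstrip('/')}{SERVLETS[servlet]}?{query}"


def authorize_url(tenant, client_id, redirect, role):
    """Authorize URL with redirect_uri and scope percent-encoded."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect,
        "scope": SCOPES[role],
    }
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params, quote_via=quote)


def check_redirect(url, registered):
    """Return (redirect_uri as a query parser sees it, problem or None)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    seen = params.get("redirect_uri", [""])[0]
    if seen in registered:
        return seen, None
    # If the redirect URI was pasted unencoded, its own '&party=' and
    # '&service=' end up as parameters of the authorize request instead.
    leaked = sorted(set(params) & {"channel", "party", "service"})
    if leaked:
        return seen, f"redirect_uri not encoded: {leaked} parsed as authorize parameters"
    return seen, "redirect_uri is not registered for this channel"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    base = "https://po.example.test:50001"
    uri = redirect_uri(base, "CC_Mail_Sender", "", "BC_Mail")
    registered = [uri]  # one Azure entry per communication channel

    encoded = authorize_url("TENANT", "CLIENT", uri, "sender")
    print(encoded)
    print(check_redirect(encoded, registered))

    # The same request with the redirect URI pasted in unencoded.
    raw = (f"{AUTHORIZE.format(tenant='TENANT')}?client_id=CLIENT"
           f"&response_type=code&redirect_uri={uri}&scope={SCOPES['sender']}")
    print(check_redirect(raw, registered))

    # A second channel needs its own registered entry.
    other = redirect_uri(base, "CC_Mail_Receiver", "", "BC_Mail", "SP28+")
    print(check_redirect(authorize_url("TENANT", "CLIENT", other, "receiver"),
                         registered))
```
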


 

The above steps will help you to configure PI\PO Mail Adapter with OAuth 2.0 authentication with Office365.

You can refer to the SAP Note & documentation below for more information.

Note: 3021526 , 2928726 

SAP NetWeaver 7.5 – SAP Help Portal

https://blogs.sap.com/?p=1513724

 

 

Additional Information:

Note 1: In a multi-server environment, the OAuth tokens stored in the cache are not retrieved properly. This leads to failure of the scenario at runtime (the error being: Refresh token has to be generated again).

Solution: Please apply the patch from this note (3169585). Once it is applied, the value of the refresh token is displayed on the screen while generating it (you can copy the token value). Additionally, a new "Additional Parameter" (as shown in the below screenshot) named 'IMail.refreshToken' is added for the mail sender channel, and the value of the refresh token should be stored with this parameter in the mail sender channel (make sure you include double quotes in your token).

E.g.: if the value of the refresh token as displayed in the browser is 0.ALSKDHLAKSYOQEW.....alsdll, then add the following value in the channel: "0.ALSKDHLAKSYOQEW.....alsdll".


 

Note 2: From SP24 onwards, once the refresh token has been generated successfully there is no need to generate it again. If you do generate it again, you will get an exception like the one below; the existing token remains available as per the timeline.

Key ID **************************************_Refresh already exists in database: com.sap.sql.exception.OpenSQLIntegrityConstraintViolationException: ORA-00001: unique constraint (UNKNOWN.obj#=*********) violated

OpenSQLExceptionCategories: [NON_TRANSIENT, INTEGRITY_CONSTRAINT_VIOLATION]

3165141 - New F: Issue with access\refresh token in multi server nodes environment in Mail( OAuth) (...

 

Note 3: For the OAuth scenario you should disable the StartTLS parameter. If you set both OAuth and StartTLS together, you will get an exception reporting a connection error.


141 Comments
0 Kudos
Hi Juan!

 

I'm facing the same issues as Osmundo.

For the permissions we've set all the permissions that were mentioned in this blog. Also the user is assigned to the APP in the Azure Directory.
juan_vasquez2
Active Participant
0 Kudos
Hi Mateus

 

Can you share your communication channel configuration?

Do you have Office 365 Exchange Online permissions configured?

Are you able to regenerate the token in private mode?

 

Regards
0 Kudos
Hi Juan!

 

Sure, can I contact you by e-mail?
0 Kudos

Mateus, did you solve your problem?

0 Kudos
Hi Bruno!

 

I still didn't solve the problem; now I'm waiting for Microsoft support, since it seems to be an issue with the Azure app.
0 Kudos
Hello Juan,
sorry but I didn't understand. Roles need to be assigned to which users? The ones configuring the APP?
And the Token should be generated with which user? With the user that will be accessed? Ex: my application will access the support@contoso.com mailbox via imap, so should I generate the token in private with this account?
0 Kudos
Hi Juan,

 

Many days have passed and we still cannot solve this problem.

Actually, we have bound two mail accounts to the same application; they share the same API permissions and settings. The first mail account, for example “aaa@mail.com” for QAS, works, but another mail account "bbb@mail.com" for our PRD system doesn't work.

The only difference between “aaa@mail.com” and "bbb@mail.com" is that the mail account "bbb@mail.com" is a shared mailbox.

Do you have any advice?
0 Kudos
Hi Mateus,

 

Did you solve your problem?
0 Kudos
Hi Osmundo, the issue still persists.
juan_vasquez2
Active Participant
0 Kudos
Hi Osmundo

 

I'm just working in a QAS account,

I don't know if a shared one has a particular configuration.

 

Regards

 

Juan
juan_vasquez2
Active Participant
0 Kudos
Hi Bruno

 

You are right.

You need to link your app with your user: support@aaa.bbb.

Then in your app configure the redirect URL

“https://<host>:<https-port>/XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service=<Business Component\Communication Component>”

then use a "new incognito window" in Chrome or another browser and generate the token using

“https://login.microsoftonline.com/<Tenant-Id>/oauth2/v2.0/authorize?client_id=<Client-Id>&response_type=code&redirect_uri=<Redirect-URI>&scope=<Scope>”

Here you need to use the same user: support@aaa.bbb

 

On the roles just to confirm, when connecting to Microsoft Outlook 365 with OAuth2 the following security roles must be considered

- A user should have an organizational directory/tenant in Microsoft Azure Active Directory and the user in this directory must have a subscription to Outlook 365.

- For the configuration tasks in the Azure Active Directory, a user should have “Application administrator” and “Application developer” roles.

 

Regards
0 Kudos
Hi Juan,

I have considered all the guidelines, but the BAD USER error still persists.
I found a KBA 3267439 from SAP pointing to the following resolution:
"The polling interval has to be increased at Microsoft side to be more than 10 minutes"

What would it be, and where do I configure this "polling interval"?
juan_vasquez2
Active Participant
0 Kudos
Hi Bruno

 

I had that error. With the Azure admin, we added roles to the user and reviewed Office 365 Exchange Online,

and

then use a "new incognito window" in Chrome or another browser and generate the token.

When we used normal mode instead of incognito, we got some kind of authentication issues.

Just try it.

regards

 

Juan
0 Kudos
So, I already tried the incognito window, reviewed everything. But nothing works.
About the roles, should I add them to the user who is using the application? That is, even though it is a system account, I must add the roles "Application administrator” and “Application developer”:
juan_vasquez2
Active Participant
0 Kudos
Hi Bruno

 

Yes you need to add roles to user

 

regards
ccsaplim
Discoverer
0 Kudos
Hello,

Recently I have also encountered this READ 001F NO LOGIN failed. Any leads on what is causing the problem? I have the logs in XPI but there's not much information provided.
vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos
Hello Ray,

 

Is this issue happening regularly? Send me whatever XPI trace is available.

 

Regards,

Vamsi.
ccsaplim
Discoverer
0 Kudos
Hi, Vamsi.

 

Yes. I used all the log locations mentioned, but I could only get this information. I'm using XPI version 7.3

oliver_huetkoeper1
Participant
0 Kudos
Hi zlena, 100383997344 and vamsikrishna.chintharlapalli,

we are also facing this error. When calling the URL to fetch the OAuth token for a Mail Receiver adapter, this message is displayed:

Exception occurred while retrieving Access/Refresh Token. Please collect and check XPI Trace for further information.
Access/Refresh token can not be retrieved. Please collect and check XPI Trace for further information.

And the XPI trace displays this error:

Exception occurred while retrieving Access/Refresh Token : java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.service.cpa.Channel.getObjectId() of a null object loaded from local variable 'channel'

Fetching the token for a Mail Sender adapter works fine.

How did you solve this issue?

Thanks and best regards;
Oliver
0 Kudos
Hi Osmundo and Mateus, did you solve your problems?
oliver_huetkoeper1
Participant
0 Kudos
Hi,

I think we identified the error. For the whitelist of redirect URIs in Azure we used a generic approach (https://<host>:<port>/XISOAPAdapter/*). According to the Azure documentation this is supported. But when doing the authorization, Azure does not redirect to https://<host>:<port>/XISOAPAdapter/MessageServlet?channel=<Channel-Name>&party=<Party-Name>&service... but instead to https://<host>:<port>/XISOAPAdapter/MessageServlet?code=XXX&session_state=XXX

So Azure removes the query parameters. It looks like you definitely need to maintain one whitelist entry for each communication channel.

According to the Azure documentation, the recommended way to transfer data is to use a "state parameter". But this is something only the SAP PI developers can change.

Best regards,
Oliver
former_member838240
Discoverer
0 Kudos
Hi Vamsi,

 

I get the error below when I execute the Microsoft link with the redirect URI. Can you help me?

 

ccsaplim
Discoverer
0 Kudos

Hi, Sydrack.

Thanks for this. We already enabled OAuth 2.0 and followed the steps mentioned in this blog, so I think it should not be the case already. Just an update: for some reason, recreating the channel from scratch managed to solve the issue. It looks to be more on the cache from our side that's causing the problem. But if we dig deeper in the cache monitoring, everything is green. So not sure of the reason why. The new channel is exactly the same as the current one we're using. Any ideas where to check?

max_anjos
Explorer
0 Kudos
Hi! Were you able to resolve this issue?
former_member791057
Discoverer
0 Kudos
Dear vamsikrishna.chintharlapalli,

After all the configuration, the error AUTHENTICATE failed appears. Could you help us with how to solve the problem?

Thanks a lot.
vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos
Could you please confirm that all required certificates are imported, as I mentioned below?

If you are facing an error like “Peer Certificate error” while generating the refresh token, then please follow the below steps:

  • Download the below certificates from the Microsoft site:

    • BaltimoreCyberTrustRoot.crt
    • DigiCertGlobalCAG2 (1).crt
    • DigiCertGlobalRootCA.crt
    • stamp2.login.microsoftonline.com.crt

  • Please import all the certificates under the TrustedCAs view (in the NWA page) one by one with the X509 category. You can see them in the browser's site view information.

  • Try generating the refresh token again. It will be successful.

vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos
Please check required roles for user
former_member791057
Discoverer
0 Kudos
Dear Vamsi,

Which are the required roles? and which side we need to check? Azure side or SAP side?

Thanks a lot!!
vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos
You can try this

 

The user needs to have a subscription, and for configuration in Azure Active Directory you should have the “Application administrator” and “Application developer” roles. I am not aware of your company's restrictions for users; you can check the same with your Azure \ Office365 team and they will provide them.

If you still face any issue, I recommend opening an incident with SAP.

 

Thanks,

Vamsi Krishna C
matheustux
Newcomer
0 Kudos
Just trying to help someone who is possibly facing the same problem that I had:

I've configured everything according to this guide, but every 4 hours I had to connect and renew the Microsoft token.

I raised a ticket with Microsoft and no problems were detected; they suggested I raise a new ticket with SAP....

After weeks of manually renewing the ticket, which was stopping our operation, we found a solution:

PI version: Netweaver 7.50 SP24

MESSAGING and XIAF component was running on 1000.7.5.0.24.0.20220504201200 and after upgrade to: 1000.7.5.0.24.16.2023111010600 the problem was solved.
former_member842916
Discoverer
0 Kudos
Firstly, thank you for this wonderful post!

Unfortunately, I am having a strange issue.
We recently upgraded to SP25. With this, we are able to successfully retrieve the refresh token accordingly and it was indeed correctly saved in the PI/PO Cache.

Concern now is on the xpi_inspector, I see that the xi.net.IMail.ClientConnection.connect -> it is using a token url with "null" tenant-ID thus causing the issue >> not OK, Mailbox select test, Error in retrieving mailbox size: java.io.IOException: Reason : :"AADSTS900023: Specified tenant identifier 'null' is neither a valid DNS name

 


error on null tenant ID

j_hartjes
Discoverer
0 Kudos

Thanks for the blog. We succeeded in making this work for us.

But some emails result in an error. I think it concerns the encoding:








 

Error message is :

Exception caught during processing mail message [0]java.lang.NullPointerException: while trying to invoke the method java.lang.String.equals(java.lang.Object) of a null object loaded from field com.sap.aii.af.sdk.xi.net.MIMEInputSource.processInlineImageAsAttachment of an object loaded from local variable 'this'

The error occurs when there is a picture in the mail. I tried all sorts of encoding.

In 7.4 without OAuth 2.0 there were no errors.

Does anyone have an idea?

Thanks

 
0 Kudos
I would like to check what would be the solution to this problem, 
everything was inserted correctly into the communication channel, but it shows this error.

vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos
Hello Lucas,

 

As I observed, there is an "Authentication unsuccessful"; please recheck the user roles\permissions again.

Provide me the XPI logs if you still face any issues.

 

Thanks & Regards,

Vamsi.
RonSterren
Explorer
0 Kudos

Hi @vamsikrishna_chintharlapa,

I configured successfully the OAUTH connection between SAP PO 7.5 and Azure.

However now I want to configure the same for another communication channel and now I get the following error in the XPI trace :

Exception occurred while retrieving Access/Refresh Token : java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.service.cpa.Channel.getObjectId() of a null object loaded from local variable 'channel'

The communication channels look the same; only the name of the channel and the service is different. So that's also the only part I changed in the URL. Do you have an idea how this is possible? (Only the communication channel name is longer (40 chars).)

When I call the communication channel from the browser (without parameter &code=) the response is :

Message Servlet is in Status OK

Status information:

Servlet com.sap.aii.adapter.soap.web.MessageServlet (Version $Id: //tc/xpi.adapters/NW750EXT_25_REL/src/_soap_application_web_module/webm/api/com/sap/aii/adapter/soap/web/MessageServlet.java#2 $) bound to /MessageServlet
Classname ModuleProcessor: null
Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
Lookupname for remoteModuleProcessorLookupName: null
ModuleProcessorClass not instantiated
ModuleProcessorLocal is Instance of com.sun.proxy.$Proxy1461
ModuleProcessorRemote not instantiated

 

vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos

Hello RonSterren,

 

Kindly confirm: did you add a new redirect URL in Azure for the new channel? Please collect the XPI trace and send it to me.

Regards

Vamsi.

 

RonSterren
Explorer
0 Kudos

Hi @vamsikrishna_chintharlapa,

Yes I did. The call to Azure is working fine. But when the redirect is "executed" I get that error. 

In PO I also checked the cache and the communication channel is available.

Regards

Ron

RonSterren
Explorer
0 Kudos

Hi @vamsikrishna_chintharlapa 

What is the best way to send the XPI trace file? I can not see any options in this chat

 

Best regards

Ron van der Sterren

vamsikrishna_chintharlapa
Product and Topic Expert
0 Kudos

Hello RonSterren,

 

You can create a ticket on the BC-XI-CON-MAI component, mentioning the details of the issue along with the XPI trace. We will check and process it.

Thanks & Regards,

Vamsi.

juan_vasquez2
Active Participant
0 Kudos

Could you please help me with this issue?

The response of the Azure AD Authorization Code Flow is different now; the code=0.ASUA2U-k-... is different.

How can I get the refresh token?

I configured the channel and get the refresh token.

I used to get tokens like this,

but now the token is different.

Now I don't know how to obtain the refresh token.