cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

I am getting a blank page when I preview my RAP service binding in the BTP trial account.

Shyam4U
Explorer

4 weeks ago

0 Kudos
1,020

Shyam4U_0-1760502227809.png

Shyam4U_1-1760502295672.png

TITLE:
UCON 403 Forbidden Error - "The request has been blocked by UCON" on OData Service

DESCRIPTION:
I am experiencing a 403 Forbidden error when trying to access an OData service through a Fiori application. The error message in the browser console states:

"The request has been blocked by UCON."

DETAILS:
- Error Code: 403 Forbidden
- Error Message: "The request has been blocked by UCON"
- Application URL: https://[your-system-url]/sap/bc/adt/businessservices/odatav2/feap/[service-details]/flp.html
- SAP Client: 100
- Language: EN
- Resource Endpoint: /sap/opu/odata/sap/Z[service-name]

ERROR DETAILS FROM BROWSER CONSOLE:
Failed to load resource: the server responded with a status of 403 (Forbidden)
/sap/opu/odata/sap/Z…e&sap-language=EN:1

 

I am trying to display a list view by creating an entity on this service definition, and I have also created a service binding for it. 

@AbapCatalog.viewEnhancementCategory: [#NONE]
@AccessControl.authorizationCheck: #NOT_REQUIRED
@EndUserText.label: 'demo'
@Metadata.ignorePropagatedAnnotations: true
@ObjectModel.usageType:{
    serviceQuality: #X,
    sizeCategory: #S,
    dataClass: #MIXED
}
define view entity Zsam_demo as select from /dmo/connection
{
@UI.lineItem: [{ position: 10 ,label: 'CarrierId' }]
    key carrier_id as CarrierId,
@UI.lineItem: [{ position: 20 ,label: 'ConnectionId' }]
    key connection_id as ConnectionId,
    @ui.lineItem: [{ position: 30 ,label: 'AirportFromId' }]
    airport_from_id as AirportFromId,
    @ui.lineItem: [{ position: 40 ,label: 'AirportToId' }]
    airport_to_id as AirportToId,
    @ui.lineItem: [{ position: 50 ,label: 'DepartureTime' }]
    departure_time as DepartureTime, 
    @ui.lineItem: [{ position: 60 ,label: 'ArrivalTime' }]
    arrival_time as ArrivalTime
}
@EndUserText.label: 'demo'
define service Zssd_sam_demo {
  expose Zsam_demo;
}

Shyam4U_2-1760503736386.png

 

Please let me know anyone know to how resolve the issue 

I tried everything — I even deleted my BTP instance and created a new one, but I’m still facing the same issue.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
alfredo_gomezripoll
Participant
4 weeks ago
0 Kudos

I´m having the same problem while testing the service binding  from ADT, the message in service URL is:

The request has been blocked by UCON

 

alfredo_gomezripoll_0-1760523951746.png

 

I don´t know if this can help but in the authorization default values for the service binding , a message "Default values might not be sufficient" appears:

alfredo_gomezripoll_1-1760524203951.png

 

 

 

Accepted Solutions (0)

Answers (6)

Answers (6)

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
Sunday

I fixed this in all shared trial systems.

Please try again.

Kind regards,

Andre

Show replies
Show replies
alfredo_gomezripoll
Participant
yesterday
0 Kudos
Thank you very much, André.
Shyam4U
Explorer
yesterday
0 Kudos
@Andre_Fuscher thanks it's working now ..
PatrikBalazs
Associate
Associate
Wednesday
0 Kudos

Hello,

I had the same issue when trying to use the preview functionality in a Service Binding. There is a workaround that worked for me: Create a Communication Scenario, then add the inbound service to the Communication Scenario and publish it locally. Take a look at this tutorial (Steps 9-11).
Expose a Standard Core Data Service for ABAP Environment 

Best regards,

Patrik Balazs

Show replies
Show replies
Shyam4U
Explorer
Wednesday
0 Kudos
Hi @Patrik balazs . What u mention the steps 9 - 10 in the blog the step not working in BTP trail account it's not even showing the inbound, still the issue was not resolved
Shyam4U
Explorer
2 weeks ago
0 Kudos

Hi 

I discovered that there are preview issues with trial accounts hosted in the US/AWS region. It is better to delete the trial account and create a new one in the Singapore service region, where everything works fine.

Solved: SAP BTP Trial Account Published Services Not Worki... - SAP Community

 

Show replies
Show replies
Chuma
Active Contributor
3 weeks ago
0 Kudos

Hello @Shyam4U 

You're correct regarding the BTP trial/subscription: those tiles won’t appear in the cockpit, as SAP_BR_DEVELOPER isn’t displayed there. The solution is to activate the RAP service binding and assign the generated IAM catalogue to the user within the ABAP system’s Fiori Launchpad. SAP Help Portal-SAP Fiori Applications in the ABAP Environment

ABAP Environment, Business Catalogues and Business Roles where app access actually originates from in ABAP Env FLP.

Below are some useful SAP Documentation related

Maintain Business Roles & Users (FLP) and confirm that you do this inside the ABAP system’s Fiori Launchpad, not in the BTP cockpit. SAP Help Portal

Web Access for ABAP (subscription on trial), how do you get browser access to the ABAP FLP to assign roles? SAP Help Portal

ABAP Env Authorisation Model tutorial, hands-on guide to IAM in ABAP Environment (roles, catalogues, app exposure). SAP

RAP security – how RAP enforces authorisations (DCL/authorisation checks) once the user has the right role. SAP

BAS → ABAP destination (OAuth2 User Token Exchange), required so preview carries the user context/authorisations to ABAP. SAP Help Portal

 Context clarifier S/4HANA Cloud SAP_BR_DEVELOPER resides in S/4HANA Cloud dev tenants, not in BTP cockpit role collections. This is helpful when someone searches for it in the wrong place. SAP Help Portal

With kind regards

Chuma

Show replies
Show replies
Juwin
Active Contributor
4 weeks ago
0 Kudos

Before you do anything with security or anything else, please give the system some breathing/sleeping time.

This is utterly annoying, but we have faced this issue so many times in S/4 Public Cloud. There is some cache somewhere, invisible to us, that doesn't get updated/refreshed whenever a new binding/application is published and until that happens, the UCON error will continue to happen.

Unfortunately, requests to SAP to provide us a method to clear/reset the cache ourselves, was denied.

So, this what we do as workarounds:

  1. Add the CDS to an existing already published Service Definition. Since this is an existing service, the newly added CDS will be readily available via this service. We have a local/test Service Definition created in Dev system, exactly for this purpose.
  2. Wait for a few hours for the cache to be cleared (sometimes it takes a whole night) for your new service endpoint to work.
Show replies
Show replies
Shyam4U
Explorer
3 weeks ago
0 Kudos
Hi @Juwin
Chuma
Active Contributor
4 weeks ago
0 Kudos

Hello @Shyam4U 

Your 403 and blank preview aren’t a “UCON” problem in the BTP ABAP trial. It’s almost always due to authorisation or token issues with the OData service and/or preview.

I have analysed the error. I recommend the suggestion below; it will work.

Publish the binding.

  • In ADT → your service binding ZSAM_SB_DEMO89 (OData V2 – UI) → ensure Local Service Endpoint equals Published.

Assign the generated service role to yourself

  • Open the Default Authorisation Values in the binding and note the IAM App / Role Template name it produces.
  • In the ABAP (Fiori) system, go to Maintain Business Roles to create a new role using a template or the generated one. Then, assign this role to your business user in Maintain Business Users.
  • Also, ensure you have the SAP_BR_DEVELOPER business role, which is usually assigned by the trial booster.

Preview the entity set (not the root only)

  • Choose the entity set (Zsam_demo) in the binding and then click Preview…..
  • If the page is blank, open browser Network tab: now $metadata and the entity set call should be 200 OK. If it’s 403, it means step 2 hasn’t been applied to your user.

Don’t test with that curl

  • The URL http://localhost:49264/testclient/... is the ADT Test Client stub and will always return a 403 error without an OAuth bearer token. To test using curl, first get a token from your subaccount’s XSUAA, then make the call:

curl -H "Authorization: Bearer <token>"

     -H "Accept: application/json"

     "https://<your-abap-endpoint>/sap/opu/odata/sap/ZSAM_SB_DEMO89/Zsam_demo?$top=50

Useful SAP Documentation

SAP Help Portal – Editing Authorisation Default Values

Explains how the service binding in ABAP Environment automatically generates the authorisation scope and role, and that the user must be assigned this role to access or preview the OData service.
https://help.sap.com/docs/sap-btp-abap-environment/abap-environment/editing-default-authorization-va...

SAP Help Portal – Publish Service Binding (OData V2 / V4)
Explains how to publish the local service endpoint of your OData service before it can be accessed or previewed in a Fiori Elements app.https://help.sap.com/docs/abap-cloud/abap-rap/service-binding

Let me know how it goes

With regards

Chuma

Show replies
Show replies
Shyam4U
Explorer
4 weeks ago
0 Kudos
Hi @Chuma
Shyam4U
Explorer
4 weeks ago
0 Kudos

Hi  @Chuma

  • In the ABAP (Fiori) system, go to Maintain Business Roles to create a new role using a template or the generated one. Then, assign this role to your business user in Maintain Business Users.
  • Also, ensure you have the SAP_BR_DEVELOPER business role, which is usually assigned by the trial booster.

    The Above steps u mention they are not present the BTP trail account ,  maintain Business role 
    SAP_BR_DEVELOPER business role it does not present in the BTP trail Account Roles .
    Those  who are using the Subscription account in BTP they are all Facing the same issue  they cant preview the Entity in fiori .   

Ask a Question