on 2023 Mar 07 1:06 PM
Dear community,
i recently stumbled over a problem with the odata basic authentication handling in SAP.
I used Postman to execute a simple Get-Request to a (german) SAP-System, for example
https://<my_server>.de/sap/opu/odata/TEST/SystemSet$format=json
For Authorization i used "Basic Auth" and entered my SAP Username and Password.
Postman automatically generates the Authorization-Header entry for the odata-Request by encoding <Username>:<Password> into base64.
As long as my password doesn't contain any special characters, everything is fine. However if the password contains special characters like the german 'ß', 'ö', 'ä' the request always ends with 401 Unauthorized.
I found out that Postman uses UTF-8 for base64 encoding as Destination Character Set. However the SAP system, on the other hand, uses ISO-8859-1 (Latin-1) for decoding the base64 Authorization-String which leads to the 401 error.
I believe the codepage used for decoding is something related to the SAP System settings itself.
Does anybody know where the SAP-Gateway determines the character set for decoding the Base64 authorization strings?
The question is similar to this topic which was not answered unfortunately.
Thanks in advance and best regards
George
Request clarification before answering.
Hello Gregor!
Yes, I also stumbled upon this hint. However, the "solution" was insufficient for us, as the problem also affects usernames and not just passwords (both are encoded together in the authorization header), and we couldn't simple switch to new usernames.
So I tried to find the source where the decoding is done to find out which code page the system uses for Base64 decoding. It looks like a System-Call is used in CL_HTTP_REQUEST->IF_HTTP_REQUEST~GET_AUTHORIZATION and that it uses the internal system code page.
I couldn't completely verify this, but 'RFC_SYSTEM_INFO' and 'SCP_CODEPAGE_FOR_LANGUAGE' provide exactly the code page that is used for decoding on our German systems.
The only solution for us was that the caller encodes the authorization header of the odata request with the SAP codepage instead of UTF-8, so that the special characters are not lost.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think I found the SAP Note that describes this issue: 1240796 - HTTP logon with Basic Authorization or special character
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
72 | |
30 | |
8 | |
7 | |
6 | |
6 | |
6 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.