Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP Cloud SDK executeHttpRequest Request failed with status code 407

Go to solution
WouterLemaire
SAP Mentor
SAP Mentor

on ‎2020 Aug 12 6:45 AM

43,058

Hi all,

I'm trying to use the function "executeHttpRequest" of the cloud SDK to create a request to my on premise backend system like this:

const token = retrieveJwt(request);
return await executeHttpRequest({destinationName:"MyDestination",jwt:token},request)

Unfortunately this results in a 407, which means my proxy authentication is missing. But when I get my destination before sending the request, I notice that the proxy authentication is available. I do this by using the following function:

const destination = await getDestinationFromDestinationService("MyDestination",{userJwt:token})

Any idea what I'm missing?

Here you have the full log from the request till the 407 error:

2020-08-12T05:25:21.194+0000 [APP/PROC/WEB/0] OUT {"message":"Attempting to retrieve destination from destination service.","level":"info","custom_fields":{"package":"core","messageContext":"destination-accessor"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-08-12T05:25:21.194Z","msg":"Attempting to retrieve destination from destination service.","written_ts":1597209921194,"written_at":"2020-08-12T05:25:21.194Z"}
2020-08-12T05:25:21.195+0000 [APP/PROC/WEB/0] OUT {"message":"Unable to match a specific XSUAA service instance to the given JWT. The following XSUAA instances are bound: cloud-approuter!t44784. The following one will be selected: cloud-approuter!t44784. This might produce errors in other parts of the system!","level":"warn","custom_fields":{"package":"core","messageContext":"environment-accessor"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-08-12T05:25:21.195Z","msg":"Unable to match a specific XSUAA service instance to the given JWT. The following XSUAA instances are bound: cloud-approuter!t44784. The following one will be selected: cloud-approuter!t44784. This might produce errors in other parts of the system!","written_ts":1597209921195,"written_at":"2020-08-12T05:25:21.195Z"}
2020-08-12T05:25:21.438+0000 [APP/PROC/WEB/0] OUT {"message":"Successfully retrieved destination from destination service.","level":"info","custom_fields":{"package":"core","messageContext":"destination-accessor"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-08-12T05:25:21.437Z","msg":"Successfully retrieved destination from destination service.","written_ts":1597209921437,"written_at":"2020-08-12T05:25:21.437Z"}
2020-08-12T05:25:21.438+0000 [APP/PROC/WEB/0] OUT {"message":"OnPrem destination proxy settings from connectivity service will be used.","level":"info","custom_fields":{"package":"core","messageContext":"proxy-util"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-08-12T05:25:21.438Z","msg":"OnPrem destination proxy settings from connectivity service will be used.","written_ts":1597209921438,"written_at":"2020-08-12T05:25:21.438Z"}
2020-08-12T05:25:21.589+0000 [APP/PROC/WEB/0] OUT {"message":"OnPrem destination proxy settings from connectivity service will be used.","level":"info","custom_fields":{"package":"core","messageContext":"proxy-util"},"logger":"sap-cloud-sdk-logger","timestamp":"2020-08-12T05:25:21.588Z","msg":"OnPrem destination proxy settings from connectivity service will be used.","written_ts":1597209921588,"written_at":"2020-08-12T05:25:21.588Z"}
78XtjpPvNIvZGWQy2ToJhGpdF9fDZe5QDm3mVz_u_fLcFp42a417sGfCyY7UwS2faNL7PqZwH5amOsfzRZYkrLVixUk-TF6N1o6Xzv-4tPDOFD8fzV9Z6ItGzi3EOr5ZXfn_y2QBHNAMJOou6Atrr-7x4Lb3z8d6YI7eKAjAdQgMZgWQ-KjTol6a9f2CEQExwCNZNQ7GFUxIAav4xhDFjUMEQ' } } }
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT [Nest] 81   - 08/12/2020, 5:25:21 AM   [ExceptionsHandler] Request failed with status code 407 +661ms
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT Error: Request failed with status code 407
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at createError (/home/vcap/deps/0/node_modules/axios/lib/core/createError.js:16:15)
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at settle (/home/vcap/deps/0/node_modules/axios/lib/core/settle.js:17:12)
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at IncomingMessage.handleStreamEnd (/home/vcap/deps/0/node_modules/axios/lib/adapters/http.js:236:11)
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at IncomingMessage.emit (events.js:203:15)
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at endReadableNT (_stream_readable.js:1145:12)
2020-08-12T05:25:21.706+0000 [APP/PROC/WEB/0] OUT     at process._tickCallback (internal/process/next_tick.js:63:19)

I'm also wondering why this shows up in the log "Unable to match a specific XSUAA service instance to the given JWT...." When looking at the decoded token and comparing it with the bound xsuaa service, it looks the same..

Thank you in advance!

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 12 3:37 PM
0 Likes

Thanks for the destination. I tried to reproduce the issue, but I am not yet able to do it. The other object is the request in the executeHttpRequest(destination,request). Could you also share this object, because if there is a "authorization" in the headers of this request this could also mess with the creation of the request:

https://github.com/SAP/cloud-sdk/blob/7b4523e58a66571c8f7270c00684ebc3c000f883/packages/core/src/hea...

Show replies
Show replies
WouterLemaire
SAP Mentor
SAP Mentor
‎2020 Aug 13 8:04 AM
0 Likes

Indeed, it contains authorizations in the header. I will try to remove it from the request and let you know if it works. Thanks!

{ host: 'cloud-sdk-....cfapps.eu10.hana.ondemand.com',
  'user-agent':
   'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36',
  accept:
   'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
  'accept-encoding': 'gzip, deflate, br',
  'accept-language': 'en-US,en;q=0.9,nl;q=0.8',
  authorization:
   'Bearer eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi....',
  b3: '66e50120fe8febfc-66e50120fe8febfc',
  'cache-control': 'max-age=0',
  cookie:
   'slo_regular_domains_eu1_services_services=H4sIAAAAAAAAAOtKalXw5th1ZFH0Fft17t8WW58tV7atZ3mh4Txjr0i6Qg4AYzombCAAAAA%3D; 
  referer:
   'https://....accounts.ondemand.com/saml2/idp/acs/....accounts.ondemand.com',
  'sec-ch-ua':
   '"Not"A;Brand";v="99", "Chromium";v="84", "Google Chrome";v="84"',
  'sec-ch-ua-mobile': '?0',
  'sec-fetch-dest': 'document',
  'sec-fetch-mode': 'navigate',
  'sec-fetch-site': 'same-site',
  'upgrade-insecure-requests': '1',
  'x-b3-spanid': '66e50120fe8febfc',
  'x-b3-traceid': '66e50120fe8febfc',
  'x-cf-applicationid': 'b6784197-3672-4018-bbaa-36bf6393609d',
  'x-cf-instanceid': 'a9675601-7f52-48d1-512f-4a57',
  'x-cf-instanceindex': '0',
  'x-correlationid': '89291188-996b-4c54-63a1-4ede7e5afbc3',
  'x-forwarded-for': '94.224.73.250, 10.0.72.0, 52.28.241.88, 10.0.200.5',
  'x-forwarded-host':
   'approuter-....cfapps.eu10.hana.ondemand.com',
  'x-forwarded-path': '/EntitySet',
  'x-forwarded-proto': 'https',
  'x-request-start': '1597301860198',
  'x-scp-request-id': '45374f67-4fb7-40a4-96e5-31aef13a09bf-5F34E464-50C192D',
  'x-vcap-request-id': '2f62b365-bd76-4db4-42e2-1cd36235e091' }
artemkovalov
Advisor
Advisor
‎2020 Aug 14 10:43 AM

Hey c3d1947136cd4c748a7aa794001af496,

Can you confirm that it works for you now? Are there any relevant things that brought confusion which are relevant to add to the documentation?

Best,

Artem

WouterLemaire
SAP Mentor
SAP Mentor
‎2020 Aug 14 6:57 PM
0 Likes

Yes it works now. Delete request.header[‘authorization’] fixed it.


thanks for the help!

frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 18 10:28 AM
0 Likes

Good to hear. I also added a warning: https://github.com/SAP/cloud-sdk/pull/383 so that in the future if you have such a ambiguity you are warned and find it easier.

xin_jiang2
Advisor
Advisor
‎2020 Aug 22 4:26 PM
0 Likes

Hi Frank,

I am also facing the same issue when i using CAP "@sap/cds": "^4.1.5", doses this fixe released ? or which version of @sap-cloud-sdk/core can i use ?

Thanks,

Regards,

Xin

frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 25 10:02 AM
0 Likes

Hello Xin,

I would use the latest version of the SDK 1.27.0. However, since you are in side CAP the problem is that within the CDS-runtime the version of the SDK is fixed to 1.18.1. You can add the @sap-cloud-sdk/core@1.27.0 as a dependency so that you can use it in your custom code, but the cds-runtime will unfortunately use the older version.

The important thing to do is that you do not put the full "request" as the second argument of the "executeHttpRequest". Since this object contains header fields which will be wrongly overwrite the auth headers. Here as an issue where you can find some examples on how to use the http client:

https://github.com/SAP/cloud-sdk/issues/407

Best

Frank

frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 25 10:15 AM
0 Likes

Also just checked with a colleagues and the latest version of the cds-runtime specifies the core to be "^1.18.0" so you should get the latest minor version on a fresh install which is fine.

Best

Frank

Answers (5)

Answers (5)

frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 12 7:56 AM

Hello Wouter good morning,

what you do looks totally correct. Let's first investigate the 407 issue. The strange warning about the XSUAA is not nice but less important I guess.

Could you try one thing. When you fetch the destination using getDestinationFromDestinationService you can pass this object also directly to the executeHttpRequest(destination).

If it works then I know already that somethings goes wrong with the destination lookup inside the executeHttpRequest method. However, the same code is used to fetch destinations inside the executeHttpRequest and getDestinationFromDestinationService.

There is one difference though. In the executeHttpRequest a method called getDestination is used which does a destination lookup via (1) env variables (2) destination service instance (3) destination service. So you could also try if the result from getDestinationFromDestinationService and getDestination are different. If so you most likely have a destination defined in (1) or (2) and then this is taken if the name match of course.

Best

Frank

Show replies
Show replies
WouterLemaire
SAP Mentor
SAP Mentor
‎2020 Aug 12 8:26 AM
0 Likes

Thanks Frank for you fast reply. I tried "getDestinationFromDestinationService" as well, but the same result...

shakib2105
Explorer
‎2022 Oct 13 5:54 AM
0 Likes

Hi Wouter Lemaire,

Did you find any solution for that? I am facing the same issue. Can you please tell me how you solved that issue?

Show replies
Show replies
artemkovalov
Advisor
Advisor
‎2020 Aug 12 10:59 AM
0 Likes

Hi c3d1947136cd4c748a7aa794001af496,

If you think you've found a bug, feel free to create and issue towards our repo with the issue Frank requested. He might be unavailable before late noon today.

We're happy to investigate and help you solve it.

Best,

Artem

Show replies
Show replies
frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 12 8:41 AM
0 Likes

Could you send me the destination object you receive from the getDestinationFromService with any security relevant data replace with some dummy value.

Show replies
Show replies
WouterLemaire
SAP Mentor
SAP Mentor
‎2020 Aug 12 10:16 AM
0 Likes

Here you go:

{ originalProperties:
   { Name: 'destinationname',
     Type: 'HTTP',
     URL:
      'http://virtual-host:virtual-port/sap/opu/odata/sap/ZSERVICE/',
     Authentication: 'BasicAuthentication',
     ProxyType: 'OnPremise',
     'HTML5.ConnectionTimeoutInSeconds': '120',
     Description: 'My destination',
     User: 'User',
     'HTML5.SocketReadTimeoutInSeconds': '300',
     WebIDEEnabled: 'true',
     WebIDESystem: 'Systid',
     WebIDEUsage:
      'odata_abap, dev_abap,ui5_execute_abap, bsp_execute_abap,odata_gen',
     Password: 'password' },
  authTokens: [],
  certificates: [],
  name: 'destinationname',
  type: 'HTTP',
  url:
   'http:///virtual-host:virtual-port/sap/opu/odata/sap/ZSERVICE/',
  authentication: 'BasicAuthentication',
  proxyType: 'OnPremise',
  username: 'user',
  password: 'password',
  isTrustingAllCertificates: false,
  proxyConfiguration:
   { host: 'connectivityproxy.internal.cf.eu10.hana.ondemand.com',
     port: '20003',
     protocol: 'http',
     headers:
      { 'Proxy-Authorization':
         'Bearer eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vY2ZjcGVhZXh0Y29udHJhY2F1dGhwaWx...',
        'SAP-Connectivity-Authentication':
         'Bearer eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vY2ZjcGVhZXh0Y29udHJhY2F1dGhwaWxvdC5hdXRoZW50aWNhdGlvb...' } } }


<br>
frank_essenberger1
Product and Topic Expert
Product and Topic Expert
‎2020 Aug 12 7:58 AM
0 Likes

In case you are interested in more details I always forget to mention our new and shiny github pages: https://sap.github.io/cloud-sdk/docs/js/features/connectivity/destination-js-sdk

Show replies
Show replies
WouterLemaire
SAP Mentor
SAP Mentor
‎2020 Aug 12 8:27 AM
0 Likes

Thanks! I already went through the documentation, even looked in the source code on github 🙂

Ask a Question