We are using an SAP NW 7.40 SP12 system and want to test an SAP OData service with OAuth 2.0 authentication and the grant type SAML 2.0 Bearer Assertion (Client Credentials). We have successfully tested the grant type Authorization Code from the POSTMAN native application, version 6.1.3.
Below is the SAP SCN Wiki page we referred to for the configuration.
We also configured ADFS 4.0 as "OAuth 2.0 Identity Provider" in transaction SAML2. The JWT token is generated, but when we use that token with the OData service it gives a 401 Unauthorized error. Please refer to the screenshots below from POSTMAN.
Please guide us to resolve this, as we are newbies in this particular topic.
ABAP does not allow using an external OAuth2 Authorization Server (in your case: MS ADFS 4.0, issuing JWTs).
ABAP acting as Resource Server only accepts its own OAuth2 Access Tokens (which are not JWTs).
You have mentioned that you've successfully used POSTMAN with the OAuth2 Authorization Code Grant.
In that case you submitted the request to the authorization endpoint of ABAP's OAuth2 Authorization Server, receiving an HTML response for the interactive scope approval; afterwards the redirect to the redirect URL of the registered OAuth2 client was triggered; the OAuth2 client then used its client credentials and the obtained authorization code for obtaining the desired OAuth2 Access Token (issued by the ABAP server).
For the SAML Bearer Grant you have to request an OAuth2 Access Token from the token endpoint of ABAP's OAuth2 Authorization Server, providing the client credentials of a registered OAuth2 Client and a valid SAML Bearer Token (which might be created by MS ADFS 4.0). For this to work you have to establish a SAML trust between that SAML token issuer and the ABAP system (acting as SAML consumer).
Actually that's all described on
I hope that this information helps you to resolve the problem.
Best regards, Wolfgang
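The exchange Wolfgang describes, as an added example that is not part of the thread and not SAP's own code: the SAML assertion from the trusted IdP is sent to the ABAP token endpoint with the registered OAuth2 client's credentials (RFC 7522 SAML bearer grant), and only the access token ABAP returns goes into the `Authorization: Bearer` header of the OData call. The token endpoint path `/sap/bc/sec/oauth2/token`, the client id, secret, scope and the assertion text are assumptions; `looks_like_jwt` is a diagnostic for the symptom in the question (an IdP JWT used directly against the resource server).

```python
"""Added example, not from the thread: SAML 2.0 bearer grant against ABAP's OAuth2 AS."""
import base64
import json
import urllib.parse
import urllib.request

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
TOKEN_PATH = "/sap/bc/sec/oauth2/token"  # assumed ABAP token endpoint path


def build_token_request(abap_base_url, client_id, client_secret, saml_assertion_xml, scope):
    """Return (url, headers, body) for the token request.
    The OAuth2 client authenticates with HTTP Basic; the IdP-issued SAML assertion
    travels base64url-encoded in the 'assertion' form field (RFC 7522)."""
    url = abap_base_url.rstrip("/") + TOKEN_PATH
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    assertion = base64.urlsafe_b64encode(saml_assertion_xml.encode()).decode().rstrip("=")
    body = urllib.parse.urlencode({"grant_type": SAML2_BEARER, "assertion": assertion,
                                   "client_id": client_id, "scope": scope})
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, body


def decode_assertion(field):
    """Reverse the base64url encoding of the 'assertion' field (re-adds padding)."""
    return base64.urlsafe_b64decode(field + "=" * (-len(field) % 4)).decode()


def parse_form(body):
    """Parse an x-www-form-urlencoded body into a dict (used to inspect requests)."""
    return dict(urllib.parse.parse_qsl(body))


def looks_like_jwt(token):
    """True if the token is a JWT (three base64url parts with a JSON header carrying 'alg').
    ABAP's resource server expects its own opaque access token, so a JWT here means
    the SAML bearer exchange was skipped."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    except (ValueError, UnicodeDecodeError):
        return False
    return isinstance(header, dict) and "alg" in header


def bearer_headers(token_response_json):
    """Build the OData request header from the ABAP token endpoint's JSON response."""
    token = json.loads(token_response_json)["access_token"]
    if looks_like_jwt(token):
        raise ValueError("got a JWT, not an ABAP-issued access token")
    return {"Authorization": "Bearer " + token}


def request_access_token(url, headers, body, timeout=30):
    """Perform the POST and return the raw JSON response (network call, not exercised offline)."""
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()
```

The constructed values above (`abap.example`, `POSTMAN_CLIENT`, the scope name) stand in for the client registered in transaction SOAUTH2 and the OData service scope on the real system.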