TLDR: Basically, my question would be if there is any method on class if_http_client or any ABAP class that can turn off SSL verification? Because it seems that it only works when it is disabled. If not then how do I bypass this error?
Long description:
I am able to receive response using Postman but when trying to code it on ABAP, I cannot get response. I want to receive token from api-eu.ariba.com. Here's my inputs on Postman:
- URL: https://api-eu.ariba.com/v2/oauth/token
- Method:
POST - Headers:
Content-Type: application/x-www-form-urlencodedAuthorization: Basic + API key
- Body:
grant_type: openapi_2lo
When I try these inputs on Postman, I am able to get response only when SSL verification is disabled. I have tested this also in Python as there is a parameter in requests to disable SSL verification and able to get the same response. But when I try this on ABAP (using if_http_client), this is where I get HTTP communication error upon receiving response.
Direct connect to api-eu.ariba.com:443 failed: NIECONN_REFUSED(-10)
So far, I've tried the following:
- Install public cert for SAP Ariba EU (RSA) into
STRUST - Tried to add OAUTH profile from
OA2C_CONFIG(I'm not sure if I did the config correctly). Tried to set token but get error:HTTP failure, processing failed, invalid state, invalid timeout or others Error calling EXECUTE_CC_FLOW.
I have very little Basis knowledge so I'm not sure if I did the OA2C_CONFIG correctly and not knowledgeable with ABAP REST API related classes.
ABAP code snippet:
*Creation of New IF_HTTP_Client Object
CALL METHOD cl_http_client=>create_by_url
EXPORTING
url = lv_endpoint
ssl_id = 'ANONYM'
IMPORTING
client = lo_client
EXCEPTIONS
argument_not_found = 1
plugin_not_active = 2
internal_error = 3
OTHERS = 4.
IF sy-subrc IS NOT INITIAL.
* Handle errors
ENDIF.
lo_client->propertytype_logon_popup = 0.
*lo_client->request->set_method( if_http_request=>co_request_method_post ).
CALL METHOD lo_client->request->set_method( 'POST' ).
lo_client->request->set_header_field( name = 'Authorization' value = lv_auth ).
lo_client->request->set_header_field( name = 'Content-Type' value = lv_contyp ).
lo_client->request->set_form_field( name = 'grant_type' value = lv_grantype ).
lo_client->send( ).
IF sy-subrc IS NOT INITIAL.
* Handle errors
ENDIF.
CALL METHOD lo_client->receive
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
OTHERS = 4.
IF sy-subrc IS NOT INITIAL.
lo_client->get_last_error(
IMPORTING
message = lv_response ).
WRITE: / lv_response.
IF sy-subrc = 0.
ENDIF.
ENDIF.
Edit: Able to found a parameter on class:
CL_HTTP_CLIENT->CREATE_BY_URL
called DO_NOT_USE_CLIENT_CERT, that is abap_false by default. Changed the value to abap_true but this didn't work.
I checked api-eu.ariba.com SSL and it looks valid. Maybe you date/time didn't correct or root certificate is missing.
You can enable ICM trace at t-code SMICM. Create a test connection at SM59 then click test connection button. Then check the ICM log. You will get more details in the log.
You need to configure TLS version and handshake methods for SAP. Maybe your SAP only accept TLS 1.3 because of security reason but the endpoint not supporting it.