SAP-docs / btp-cloud-identity-services

Markdown source for the Identity Authentication documentation. Enables feedback and contributions to improve the documentation.
Creative Commons Attribution 4.0 International

Feedback for "TOTP Validation Service" #12

Closed ullumullu closed 1 year ago

ullumullu commented 1 year ago

https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/3e4c3cfb56fa48819cfe19209fa38b1f.html?locale=en-US&q=TOTP

Hi,

I am trying to use the endpoint described above (/service/users/otp) with client certificate authentication. However, my request gets rejected with:

< HTTP/1.1 401 
< Date: Mon, 21 Nov 2022 15:31:43 GMT
< Server: SAP
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-IDS-ID: FD302299-84B1-4334-ACE5-D1DC7E30BB08
< WWW-Authenticate: Basic realm=CPS Rest Services
< X-message-code: MISSING_AUTHORIZATION_HEADER
< Content-Type: text/html
< Content-Length: 0
< Vary: X-CSP-STRIP
< X-IDS-Node: idp05
< X-IDS-Pool: green
< X-IDS-Project: prod
< X-IDS-Landscape: eu-nl-1
< Referrer-Policy: origin
< X-Robots-Tag: none
< X-Content-Type-Options: nosniff
< Cache-Control: private,no-cache,no-store
< 
* Connection #0 to host haas.accounts.ondemand.com left intact

This can be reproduced by a similar setup:

CURL_SSL_BACKEND=secure-transport curl -X POST -L -E <client_certificate> -H "Content-Type: application/json" https://<account_id>.accounts.ondemand.com/service/users/otp -d '{"userName":"xxx@yyyy.com","otpCode": "123456"}' -v

ValAta commented 1 year ago

Hi @ullumullu, Thank you for your question. It seems that the certificate you are using is not the correct one. You need a certificate that is used for the API. See https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/c408083913f3487bb923e70575ac0793.html?q=TOTP. Best regards.