/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
When consuming data in Power BI and other Clients, Tools, and Apps via an OData Service, authentication error raises:
- {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
- 401-Unauthorized
- Invalid authentication credentials provided (HTTP Status 401)
Environment
SAP DataSphere
Cause
Datasphere only supports authentication via OAuth2.0 flow with type authorization_code or via SAML Bearer Assertion, the setup should be reviewed.
Resolution
Consuming exposed data in third-party clients, tools, and apps via an OData service requires a three-legged OAuth2.0 flow or can be performed via SAML Bearer Assertion:
Three-legged OAuth2.0 flow with type authorization_code
Users must manually authenticate against the configured IDP in order to generate the authorization code before continuing with the remaining OAuth2.0 steps.
Auth 2.0 Authentication Code requires passing parameters such as oAuth_token_URL, oAuth_authorize_url, client_id, client_secret.
It is up to the client to properly handle these parameters to assure authentication against SAP Datasphere. Also, refresh token will be valid for 30 days by default and could be increased to 180 days. Further details are available in:
Create OAuth2.0 Clients to Authenticate Against SAP Datasphere
Using SAP Datasphere Consumption APIs in SAP Build - A 3-legged Authorization Flow Setup
SAML Bearer Assertion
With the use of SAML Bearer Assertion propagation is possible to forward the IdP authentication from a browser based third-party application to SAP Datasphere without any extra user interaction. Further details are available in:
Integrating with SAP Datasphere Consumption APIs using SAML Bearer Assertion
See Also
Consume Data via the OData API | SAP Help Portal
Connecting SAP Data Warehouse Cloud OData API with PowerBI via a Blank Query
Create OAuth2.0 Clients to Authenticate Against SAP Datasphere
Using SAP Datasphere Consumption APIs in SAP Build - A 3-legged Authorization Flow Setup
Integrating with SAP Datasphere Consumption APIs using SAML Bearer Assertion
Keywords
odata, api, unauthorized, dwc, token lifetime, OAuth2.0, SAML Bearer, authentication , KBA , DS-BB-ODATA , To address issues related to Odata consumption API , DS-AUT , Authorizations (Locks, etc.) , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)