4

My web app is Angular 7. I have a API endpoint for the user to login and sending requests to this URL and get the answers.

uri = 'https://mybackendurl.com/User';

  constructor(private http: HttpClient) { }

  signIn(email: string, password: string) {
    const httpOptions = {
      headers: new HttpHeaders({
        'Content-Type':  'text/xml',
        ...
      })
    };
    const soapData = '...';

    this.http.post(`${this.uri}`, soapData, httpOptions)

The structure I want to build is:

If the user has entered his / her information correctly, will be directed to a panel that uses this infrastructure. However, the user cannot login to the panel even if the user is logged in correctly. Because the URL wants some cookie information -it's called 'mysapsso2'. (I'm sorry, unfortunately my SAP knowledge is less) And bad news: I can't do it because the post method doesn't generate these unique cookies in Angular. (JS can't or I can't?)

I can't touch the backend URL. In this case, how can I get users to login to this panel using only the frontend skills?

Sandra Rossi
  • 10,563
  • 3
  • 20
  • 43
Karmacoma
  • 658
  • 1
  • 13
  • 35
  • 1
    On the front-end you cannot do HTTP requests to a different domain (in your case, the SAP system), due to a browsers' security feature: https://en.wikipedia.org/wiki/Same-origin_policy – Guilherme Maeda Jan 14 '19 at 22:50
  • The "sso" in "mysapsso2" probably stands for Single Sign-On. For making calls to it you would have to an OAuth or SAML2 authentication between your back-end and the SAP system. – Guilherme Maeda Jan 14 '19 at 22:55
  • @GuilhermeMaeda know and this is not related about my issue. I'm using Chrome CORS extension for temporary solution and it works. – Karmacoma Jan 14 '19 at 22:55
  • @GuilhermeMaeda want to ask for a better understanding: Do you think I need a backend server to do that? (Even if we assume that we have solved the CORS problem) – Karmacoma Jan 14 '19 at 22:58
  • If you tried using a valid username/password and it didn't accept the request, I assume the server is configured not to accept Basic Authentication, and probably there's a centralized Identity Provider where users have to log in before being redirected to applications. Here's a doc page from SAP Gateway about web applications accessing SAP systems: https://help.sap.com/doc/saphelp_gateway20sp12/2.0/en-US/b9/142abe60d448dc932460988573bf4e/content.htm?no_cache=true – Guilherme Maeda Jan 14 '19 at 23:07

1 Answers1

0

The POST request is done with angular is stateless, so even you have done the login, the cookie is not passed to the backend server.

I think the problem is due to cookie session absence. Try to add it manually with an Angular Interceptor.

For more information read this answer.

xcesco
  • 4,455
  • 3
  • 28
  • 61