How to Check AAD/SPO Connection Using Advantco REST Workbench

Recently, I had a chance to work with windows Azure and SharePoint integration with SAP PI 7.4. In this blog, I will be sharing the use of Advantco REST adapter workbench and how to check AAD/SPO connection from the same.

 

1. PREPARATION STEPS:

 

STEP 1: Login to REST Workbench. For example, we have different URLs to access the REST WB in different environments.

 

DEV

https://vhxxxxxx.rot.hec.sap.biz:50001/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#

QUAL

https://vhxxxxxx.rot.hec.sap.biz:50001/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#

PROD

https://vhxxxxxx.rot.hec.sap.biz:44300/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#

STEP 2: Load the required channel from the options and by clicking “Load from channel configuration”. (Refer below)

How to Check AAD/SPO Connection Using Advantco REST Workbench

 

Best Practice-Table 1: AAD/SPO Connection details: (Prepare this table for your ease. It will be a single point of reference for all your scenario configurations in various environments)

 

Eg:

Details

DEV (mysapdev)

TEST (mysaptest)

PREPROD (mysappreprod)

SPO URL

https://mysapdev.sharepoint.com

https://mysaptest.sharepoint.com

https://mysappreprod.sharepoint.com

Service account

mysapdev@mysapdev.onmicrosoft.com

mysaptest@mysaptest.onmicrosoft.com

mysappreprod@mysappreprod.onmicrosoft.com

Password

23qc!vA671

Qom4o80053

@4R@W96qgd

Client ID

F122d7dc-b0ca-4a85-8dd9-15bff1662d11

C456d2ee-c83f-4b03-af4d-a102c9583c84

30712d54-a206-48a9-a96e-070052409346

Key

pnAM6aEjaOk+hcJlHSuDiqZjl4QcHVvvuk5443os+pPQI=

rORN4T6hX5ksmMnIvaqxQ/2Q+xs/IqP2XRFiI9q87AdXs=

Tpf3gHD7+a8aTOVtwKVfqj1Lba7FAAmRr3FDzvc0vTD8s=

Token Endpoint

https://login.windows.net/aedd7e88-7532-464b-845a-d2ac5f571dac/

oauth2/token?client_id=f122d7dc-b0ca-4a85-8dd9-15bff1662d11&client_secret=xxxxxxxxxx%2BhcJlHSuDiqZjl

4QcVvvuk5443os%2BpPQI%3D&resource=

https%3A%2F%2Fgraph.windows.net

https://login.windows.net/ca65293a-ed1d-48a8-b5ec-820f485de621/

oauth2/token?client_id=c456d2ee-c83f-4b03-af4d-a102c9583c84&client_secret=xxxxxxxxmMnIvaqxQ%2F2Q%2B

xs%2FIqP2XFiI9q87AdXs%3D&resource=https%3A%2F%2F

graph.windows.net

https://login.windows.net/cd866524-98aa-4ddc-a1a6-993aa95c19d5

/oauth2/token?client_id=30712d54-a206-48a9-a96e-070052409346&client_secret=xxxxxxx%2Ba8aTOVtwK

Vfqj1Lba7FAAmRr3Dzvc0vTD8s%3D&resource=

https%3A%2F%2Fgraph.windows.net

 

This detail is configured in the “Authentication /Authorization” tab in the REST workbench.

Note:

The Client secret can either encoded or decoded using the online tool, http://www.urldecoder.org/

 

2. Testing AAD connection:

  • Go to “Authentication/Authorization” Tab in the REST workbench.
  • Fill in the required details manually from Table1 above to test the AAD connection, in case you are not loading the details from the channel.


How to Check AAD/SPO Connection Using Advantco REST Workbench

 

  • Click “Test Auth Configuration” button. If the connection is successful, we will get HTTP 200 response.

How to Check AAD/SPO Connection Using Advantco REST Workbench

 

Sample AAD Operation: Eg Update Azure User details

 

  • It is a POST request.
  • The resource URL should be https://graph.windows.net/mysaptest.onmicrosoft.com/users/%UserID%
  • The highlighted portion is the user ID that we want to update.( Eg: ab.cd@mysaptest.onmicrosoft.com)
  • The required HTTP headers are added in the request.
  • The response can be HTTP 204 status, without response payload.

Below is an example of updating the Azure user information from REST Workbench.

How to Check AAD/SPO Connection Using Advantco REST Workbench

 

Azure Screenshot:

How to Check AAD/SPO Connection Using Advantco REST Workbench

              

This confirms that we could connect to Azure system from REST WB.

 

Azure related information can be seen under the site, https://msdn.microsoft.com/en-us/library/azure/

 

 

3. Testing SPO Connection:

 

We have to get the Request Digest Token in order to do any SPO operation. This involves three steps;

STEP 1: Get Authorization Token



How to Check AAD/SPO Connection Using Advantco REST Workbench

 

  • Refer below, for the request that should be “posted” (remember HTTP Get/Post methods?) in this step. Change the Username and password fields in the below request according to the environment. This is for the service account we have in SPO.

How to Check AAD/SPO Connection Using Advantco REST Workbench

 

  • Click “Execute Request” button.
  • The response would be an xml. The value inside the tag “<wsse:BinarySecurityToken Id=”Compact0″>” is the authorization token.

Eg: The token would be looking like below value;

 

t=EwAoA06hBwAUbl/sgipYGM8TysUFtClJteGnuzoAAY3+JHj81irl//GZbdH5oWSmnrR5EXZTrjkYiHrdMX0fUn4VBv0fbuNfzlx4lLGV90nnlDYbT

cEpBxSXpW2tRqQQmxWPU0e6aynQyqYaNNAQN3R9RHTol1OZkLTbdouV8b/IhC58PHdyE2He4jeGDWVEWt5rWJmYX2P/VT56dJWqwpZgt

kZ3NCKc/66h3YbP98aJ4B3UY4Hqst5gHqhGC37ovUgVMRnrTOldqDCHHaMr9OqB7V9X0B4ZRVogdXvQiZb6Afpx66bku4Iig0UwtDtVfbDcGlfq

S+BbN72AMQLY5mdM7oG8ERA59GoIl6NDOKtt2dROQI2kwRAEUZihEgUDZgAACBV/+hZAeqGQ+AH36zbAOkcAbUbGfUOExWkzDZOwYa

Wv5UdvFITgKELe+RFszeXf0Mzna003KWX/QVEh8Xl1O+F/Y/AGctR4x73zNLwDzrhYEuDASP/3z2oPqQmhHfilhDIFxxilEjhiB99CKIZ/SOqsLsb

NSrWbquFo4dVNrOuyMDs/VH95X0qyv36Bey2b2XiOvU0FURvNkwSpm1+IMhtoIKH48DwABIBJHOIY0WeSfEVHq0O7OmIJ2+kv35KuWKyh6

QwTZMKEc4a3716cHaxeUm7k+pRLY4n5LYSBFWo4fDi0czVbGcoHzjQ4CK0+V9jFBZVvg0S8XBUCX8sqzmiBwnuzuwbvi+kF/72/PIim+dRmK

nm+AKaLrXZqwituVv15Z+eCiRs35DiwodAgjBrfy3wOLnjLJFVsd3wS6xRXUGwrRrew+8SEHVtzeVEKZT3HRWDqvhgeoUY1JvjDzvI+wAVgKM

qQYnw11UPehN99EXKYPYHOTLKbayftghXXDfzCFK/cRbIE1pijq6ioZvyABdw3Chnw7wC1LmPGZkX84+Tr/iPN32obNReN5/dYbwGZ4E1/QLg

nM2Na4G3oqOKfxM5AAWP74g79KesJum8FUPoWud+uWfcIa04vkOdwzEgNubX3Ng5ca8WXAQ0B9QydQxp1eBuloyEiQE9iI6c0epZ0Ag==&amp;p=

  • Concatenate “BPOSIDCRL” to the above value. We can call it as “AUTHTOKEN_VALUE


STEP 2: Get Cookie.

  • It is a GET request.
  • Resource URL should be https://mysaptest.sharepoint.com/sites/XYZ/_vti_bin/idcrl.svc/
  • The above highlighted part will change according to the environment. Refer Table 1.
  • From this step, we don’t need OAuth2.0 authorization. So, it should be set to null.
  • In the “HTTP Headers” section, paste the “AUTHTOKEN_VALUE” with the name “Authorization“
  • Click “Execute Request” button. The successful response is indicated by HTTP 200 status code.

Eg:

How to Check AAD/SPO Connection Using Advantco REST Workbench

  • The value returned by the header “Set-Cookie” is the cookie value. Let us call it as “COOKIE_VALUE”.

 

Sample Cookie Value:

SPOIDCRL=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VHJ1ZSwwaC5mfG1lbWJlcnNoaXB8MTAwM2JmZmQ5Mzg1NGN

hYUBsaXZlLmNvbSwwIy5mfG1lbWJlcnNoaXB8bWNsc2FwdGVzdEBtY2xhcmVuc2FwdGVzdC5vbm1pY3Jvc29mdC5jb20sMTMwODk4OTc3MzM1NzM0N

zcyLEZhbHNlLGZmNVVHdDNXdWJOWjNtSWFrMlUvc1JkK1AvMXNHS1NCSzF3T09QWCtOL012bEpnYURFb05uWDdyVUorem1WbC9KaFpQc2FpcEpV

bWFXdWp6Y3RaaDFpZWZnWFZUVTNrOUJYTjZPalNsNzJ6Nk95STdSZ2dIMHJ1V05sM0FGZ1NhcGE3S1JaQ3dPMEpTQkZsOExsYVh6YTBFQXpVamhl

NWhJYnVtTVR1b204WkdqR1dJRHNKQUFyekcxRHR0UzRzckRHU1JXQTVhelpFRkc3Uk1oSzhuUE9LYUNjR1ZPZ0owNStJZ1lZZlBocTRSRmk1TGFRR

3hoZnEvMVJvYUZaNDZZc3UydEx3bURCQzgxTVBKRjYxQVBpVWN2OFoyZ1hnYk1FZ0hqMGZIS0pIYVcrVEJ0RW56V0lrQ0FsRDVWYTBmdTk5dGRhTl

R1NnhsT3ZML2pIMWkvQT09LGh0dHBzOi8vbWNsYXJlbnNhcHRlc3Quc2hhcmVwb2ludC5jb20vc2l0ZXMvc3VwcGxpZXJzL192dGlfYmluL2lkY3JsLnN2Yy

88L1NQPg==; path=/; secure; HttpOnly

STEP 3: Get Digest Token

  • It is a POST request.
  • The Resource URL should be https://mysaptest.sharepoint.com/sites/XYZ/_api/contextinfo
  • The above highlighted part will change according to the environment. Refer Table 1.
  • In the “HTTP Headers” section, paste the “COOKIE_VALUE” with the name “Cookie“
  • We don’t need to paste anything in the Request Body section.
  • The response would be an XML like below;

<?xml version=”1.0″ encoding=”utf-8″?><d:GetContextWebInformation xmlns:d=”http://schemas.microsoft.com/ado/2007/08/dataservices” xmlns:m=”http://schemas.microsoft.com/ado/2007/08/dataservices/metadata” xmlns:georss=”http://www.georss.org/georss” xmlns:gml=”http://www.opengis.net/gml” m:type=”SP.ContextWebInformation”><d:FormDigestTimeoutSeconds m:type=”Edm.Int32″>1799</d:FormDigestTimeoutSeconds><d:FormDigestValue>0x8EFFC4D6F2205483163EA201308EB0C8BB9223C78907DBDAF32FEA59DF48F78B2102180B179795A1AF3CC2402CAB5D7E30C3C81A9A4963BDA19199FB191F55BD,16 Oct 2015 10:51:33 -0000</d:FormDigestValue><d:LibraryVersion>16.0.4524.1214</d:LibraryVersion><d:SiteFullUrl>https://mysaptest.sharepoint.com/sites/XYZ</d:SiteFullUrl><d:SupportedSchemaVersions m:type=”Collection(Edm.String)”><d:element>14.0.0.0</d:element><d:element>15.0.0.0</d:element></d:SupportedSchemaVersions><d:WebFullUrl>https://mysaptest.sharepoint.com/sites/XYZ</d:WebFullUrl></d:GetContextWebInformation>

  • The Digest Value is the highlighted portion above. (I.e) The value inside the tag, <d:FormDigestValue>.

So, now we have the Digest Token to do any operation in SharePoint site.

 

SAMPLE SPO OPERATION: Create SPO Site:

 

How to Check AAD/SPO Connection Using Advantco REST Workbench

 

This confirms that we could connect to SharePoint Online system from REST Workbench.