How to Check AAD/SPO Connection Using Advantco REST Workbench

Written by Admin | Nov 6, 2017 2:10:00 PM

Recently, I had a chance to work with windows Azure and SharePoint integration with SAP PI 7.4. In this blog, I will be sharing the use of Advantco REST adapter workbench and how to check AAD/SPO connection from the same.

1. PREPARATION STEPS:

STEP 1: Login to REST Workbench. For example, we have different URLs to access the REST WB in different environments.

DEV	https://vhxxxxxx.rot.hec.sap.biz:50001/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#
QUAL	https://vhxxxxxx.rot.hec.sap.biz:50001/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#
PROD	https://vhxxxxxx.rot.hec.sap.biz:44300/webdynpro/dispatcher/advantco.com/rest~workbench/RESTAdapterWorkbench#

STEP 2: Load the required channel from the options and by clicking “Load from channel configuration”. (Refer below)

Best Practice-Table 1: AAD/SPO Connection details: (Prepare this table for your ease. It will be a single point of reference for all your scenario configurations in various environments)

Eg:

Details	DEV (mysapdev)	TEST (mysaptest)	PREPROD (mysappreprod)
SPO URL	https://mysapdev.sharepoint.com	https://mysaptest.sharepoint.com	https://mysappreprod.sharepoint.com
Service account	mysapdev@mysapdev.onmicrosoft.com	mysaptest@mysaptest.onmicrosoft.com	mysappreprod@mysappreprod.onmicrosoft.com
Password	23qc!vA671	Qom4o80053	@4R@W96qgd
Client ID	F122d7dc-b0ca-4a85-8dd9-15bff1662d11	C456d2ee-c83f-4b03-af4d-a102c9583c84	30712d54-a206-48a9-a96e-070052409346
Key	pnAM6aEjaOk+hcJlHSuDiqZjl4QcHVvvuk5443os+pPQI=	rORN4T6hX5ksmMnIvaqxQ/2Q+xs/IqP2XRFiI9q87AdXs=	Tpf3gHD7+a8aTOVtwKVfqj1Lba7FAAmRr3FDzvc0vTD8s=
Token Endpoint	https://login.windows.net/aedd7e88-7532-464b-845a-d2ac5f571dac/ oauth2/token?client_id=f122d7dc-b0ca-4a85-8dd9-15bff1662d11&client_secret=xxxxxxxxxx%2BhcJlHSuDiqZjl 4QcVvvuk5443os%2BpPQI%3D&resource= https%3A%2F%2Fgraph.windows.net	https://login.windows.net/ca65293a-ed1d-48a8-b5ec-820f485de621/ oauth2/token?client_id=c456d2ee-c83f-4b03-af4d-a102c9583c84&client_secret=xxxxxxxxmMnIvaqxQ%2F2Q%2B xs%2FIqP2XFiI9q87AdXs%3D&resource=https%3A%2F%2F graph.windows.net	https://login.windows.net/cd866524-98aa-4ddc-a1a6-993aa95c19d5 /oauth2/token?client_id=30712d54-a206-48a9-a96e-070052409346&client_secret=xxxxxxx%2Ba8aTOVtwK Vfqj1Lba7FAAmRr3Dzvc0vTD8s%3D&resource= https%3A%2F%2Fgraph.windows.net

This detail is configured in the “Authentication /Authorization” tab in the REST workbench.

Note:

The Client secret can either encoded or decoded using the online tool, http://www.urldecoder.org/

2. Testing AAD connection:

Go to “Authentication/Authorization” Tab in the REST workbench.
Fill in the required details manually from Table1 above to test the AAD connection, in case you are not loading the details from the channel.

Click “Test Auth Configuration” button. If the connection is successful, we will get HTTP 200 response.

Sample AAD Operation: Eg Update Azure User details

It is a POST request.
The resource URL should be https://graph.windows.net/mysaptest.onmicrosoft.com/users/%UserID%
The highlighted portion is the user ID that we want to update.( Eg: ab.cd@mysaptest.onmicrosoft.com)
The required HTTP headers are added in the request.
The response can be HTTP 204 status, without response payload.

Below is an example of updating the Azure user information from REST Workbench.

Azure Screenshot:

This confirms that we could connect to Azure system from REST WB.

Azure related information can be seen under the site, https://msdn.microsoft.com/en-us/library/azure/

3. Testing SPO Connection:

We have to get the Request Digest Token in order to do any SPO operation. This involves three steps;

STEP 1: Get Authorization Token

It is a POST request.
Resource URL should be https://login.microsoftonline.com/rst2.srf
Authentication should be OAuth2.0 with the details given in Table1.

Refer below, for the request that should be “posted” (remember HTTP Get/Post methods?) in this step. Change the Username and password fields in the below request according to the environment. This is for the service account we have in SPO.

Click “Execute Request” button.
The response would be an xml. The value inside the tag “<wsse:BinarySecurityToken Id=”Compact0″>” is the authorization token.

Eg: The token would be looking like below value;

t=EwAoA06hBwAUbl/sgipYGM8TysUFtClJteGnuzoAAY3+JHj81irl//GZbdH5oWSmnrR5EXZTrjkYiHrdMX0fUn4VBv0fbuNfzlx4lLGV90nnlDYbT

cEpBxSXpW2tRqQQmxWPU0e6aynQyqYaNNAQN3R9RHTol1OZkLTbdouV8b/IhC58PHdyE2He4jeGDWVEWt5rWJmYX2P/VT56dJWqwpZgt

kZ3NCKc/66h3YbP98aJ4B3UY4Hqst5gHqhGC37ovUgVMRnrTOldqDCHHaMr9OqB7V9X0B4ZRVogdXvQiZb6Afpx66bku4Iig0UwtDtVfbDcGlfq

S+BbN72AMQLY5mdM7oG8ERA59GoIl6NDOKtt2dROQI2kwRAEUZihEgUDZgAACBV/+hZAeqGQ+AH36zbAOkcAbUbGfUOExWkzDZOwYa

Wv5UdvFITgKELe+RFszeXf0Mzna003KWX/QVEh8Xl1O+F/Y/AGctR4x73zNLwDzrhYEuDASP/3z2oPqQmhHfilhDIFxxilEjhiB99CKIZ/SOqsLsb

NSrWbquFo4dVNrOuyMDs/VH95X0qyv36Bey2b2XiOvU0FURvNkwSpm1+IMhtoIKH48DwABIBJHOIY0WeSfEVHq0O7OmIJ2+kv35KuWKyh6

QwTZMKEc4a3716cHaxeUm7k+pRLY4n5LYSBFWo4fDi0czVbGcoHzjQ4CK0+V9jFBZVvg0S8XBUCX8sqzmiBwnuzuwbvi+kF/72/PIim+dRmK

nm+AKaLrXZqwituVv15Z+eCiRs35DiwodAgjBrfy3wOLnjLJFVsd3wS6xRXUGwrRrew+8SEHVtzeVEKZT3HRWDqvhgeoUY1JvjDzvI+wAVgKM

qQYnw11UPehN99EXKYPYHOTLKbayftghXXDfzCFK/cRbIE1pijq6ioZvyABdw3Chnw7wC1LmPGZkX84+Tr/iPN32obNReN5/dYbwGZ4E1/QLg

nM2Na4G3oqOKfxM5AAWP74g79KesJum8FUPoWud+uWfcIa04vkOdwzEgNubX3Ng5ca8WXAQ0B9QydQxp1eBuloyEiQE9iI6c0epZ0Ag==&p=

Concatenate “BPOSIDCRL” to the above value. We can call it as “AUTHTOKEN_VALUE”

STEP 2: Get Cookie.

It is a GET request.
Resource URL should be https://mysaptest.sharepoint.com/sites/XYZ/_vti_bin/idcrl.svc/
The above highlighted part will change according to the environment. Refer Table 1.
From this step, we don’t need OAuth2.0 authorization. So, it should be set to null.
In the “HTTP Headers” section, paste the “AUTHTOKEN_VALUE” with the name “Authorization“
Click “Execute Request” button. The successful response is indicated by HTTP 200 status code.

Eg:

The value returned by the header “Set-Cookie” is the cookie value. Let us call it as “COOKIE_VALUE”.

Sample Cookie Value:

SPOIDCRL=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VHJ1ZSwwaC5mfG1lbWJlcnNoaXB8MTAwM2JmZmQ5Mzg1NGN

hYUBsaXZlLmNvbSwwIy5mfG1lbWJlcnNoaXB8bWNsc2FwdGVzdEBtY2xhcmVuc2FwdGVzdC5vbm1pY3Jvc29mdC5jb20sMTMwODk4OTc3MzM1NzM0N

zcyLEZhbHNlLGZmNVVHdDNXdWJOWjNtSWFrMlUvc1JkK1AvMXNHS1NCSzF3T09QWCtOL012bEpnYURFb05uWDdyVUorem1WbC9KaFpQc2FpcEpV

bWFXdWp6Y3RaaDFpZWZnWFZUVTNrOUJYTjZPalNsNzJ6Nk95STdSZ2dIMHJ1V05sM0FGZ1NhcGE3S1JaQ3dPMEpTQkZsOExsYVh6YTBFQXpVamhl

NWhJYnVtTVR1b204WkdqR1dJRHNKQUFyekcxRHR0UzRzckRHU1JXQTVhelpFRkc3Uk1oSzhuUE9LYUNjR1ZPZ0owNStJZ1lZZlBocTRSRmk1TGFRR

3hoZnEvMVJvYUZaNDZZc3UydEx3bURCQzgxTVBKRjYxQVBpVWN2OFoyZ1hnYk1FZ0hqMGZIS0pIYVcrVEJ0RW56V0lrQ0FsRDVWYTBmdTk5dGRhTl

R1NnhsT3ZML2pIMWkvQT09LGh0dHBzOi8vbWNsYXJlbnNhcHRlc3Quc2hhcmVwb2ludC5jb20vc2l0ZXMvc3VwcGxpZXJzL192dGlfYmluL2lkY3JsLnN2Yy

88L1NQPg==; path=/; secure; HttpOnly

STEP 3: Get Digest Token

It is a POST request.
The Resource URL should be https://mysaptest.sharepoint.com/sites/XYZ/_api/contextinfo
The above highlighted part will change according to the environment. Refer Table 1.
In the “HTTP Headers” section, paste the “COOKIE_VALUE” with the name “Cookie“
We don’t need to paste anything in the Request Body section.
The response would be an XML like below;

<?xml version=”1.0″ encoding=”utf-8″?><d:GetContextWebInformation xmlns:d=”http://schemas.microsoft.com/ado/2007/08/dataservices” xmlns:m=”http://schemas.microsoft.com/ado/2007/08/dataservices/metadata” xmlns:georss=”http://www.georss.org/georss” xmlns:gml=”http://www.opengis.net/gml” m:type=”SP.ContextWebInformation”><d:FormDigestTimeoutSeconds m:type=”Edm.Int32″>1799</d:FormDigestTimeoutSeconds><d:FormDigestValue>0x8EFFC4D6F2205483163EA201308EB0C8BB9223C78907DBDAF32FEA59DF48F78B2102180B179795A1AF3CC2402CAB5D7E30C3C81A9A4963BDA19199FB191F55BD,16 Oct 2015 10:51:33 -0000</d:FormDigestValue><d:LibraryVersion>16.0.4524.1214</d:LibraryVersion><d:SiteFullUrl>https://mysaptest.sharepoint.com/sites/XYZ</d:SiteFullUrl><d:SupportedSchemaVersions m:type=”Collection(Edm.String)”><d:element>14.0.0.0</d:element><d:element>15.0.0.0</d:element></d:SupportedSchemaVersions><d:WebFullUrl>https://mysaptest.sharepoint.com/sites/XYZ</d:WebFullUrl></d:GetContextWebInformation>

The Digest Value is the highlighted portion above. (I.e) The value inside the tag, <d:FormDigestValue>.

So, now we have the Digest Token to do any operation in SharePoint site.

SAMPLE SPO OPERATION: Create SPO Site:

It is a POST request.
Resource URL should be, https://mysaptest.sharepoint.com/sites/XYZ/_api/web/webinfos/add
Insert the headers “cookie” and “X-RequestDigest”.
Click “Execute Request” button.
The response would be with HTTP 200 or HTTP 204 header with/without an XML depending on the operation.

This confirms that we could connect to SharePoint Online system from REST Workbench.

View full post