2587606 - Connection between SAP Analytics Cloud and SAP Hybris Marketing (S/4HANA Cloud) retrieves Failed to connect to system with OAuth 2 SAML Bearer Assertion method

SAP Knowledge Base Article - Public

2587606 - Connection between SAP Analytics Cloud and SAP Hybris Marketing (S/4HANA Cloud) retrieves Failed to connect to system with OAuth 2 SAML Bearer Assertion method

Symptom

  • Connection between SAP Analytics Cloud and SAP Hybris Marketing can not be established using OAuth 2.0 SAML Bearer Assertion authentication method
  • "Failed to connect to system" error message appears when creating the connection in SAP Analytics Cloud
  • The following error statements are being generated in the Chrome Developer Tool logs:
    • "Internal Server Error, 500"
    • "Error Code: 3100, Error Message: Cannot return OAuth 2.0 SAML Bearer Assertion because of com.sap.core.connectivity.apiext.impl.authentication.assertion.oauth.OAuthTokenGenerationException: Could not retrieve OAuth 2.0 access token for user <USERID_IN_IDP>, Public URL: https:\\/\\/<SAC_SYSTEM_URL>, Path: \\/s4hcremotes\\/<CONNECTION_NAME>\\/sap\\/bw\\/ina\\/GetServerInfo"

Environment

  • SAP Analytics Cloud
  • SAP Hybris Marketing Cloud

Reproducing the Issue

  1. Follow the instructions to connect SAP Analytics Cloud to SAP Hybris Marketing system as per the SAP Hybris User Guide.
  2. In SAP Analytics Cloud add a new Live Data Connection > SAP S/4HANA > S/4HANA Cloud
  3. Fill in the necessary information for OAuth (Token Service User, Token Service Password and OAuth Scope).
  4. Click on the OK and the error message appears.

Cause

The user with ID "<USERID_IN_IDP>" does not exist in the Hybris system as a business user, therefore the connection can't be set and no token being retreived.

Resolution

Make sure you've set up SSO on SAP Analytics Cloud and maintained the ID of business user: "<USERID_IN_IDP>" in the Custom SAML Mappping column under Security > Users.

Ensure that the Token Service User is not locked.

It can be unlocked via the following steps.

  1. Browse to and log on to https://<mytenant>.s4hana.ondemand.com
  2. Search in Apps for User
  3. Click the Display Technical Users tile
  4. Search for your Token Service User
  5. Check the check box for the Token Service Technical User
  6. Click "Unlock"

See Also

Your feedback is important to help us improve our knowledge base.
Please rate how useful you found this article by using the star rating feature at the beginning of this article.
Thank you.

Keywords

BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, conectando, conexão, modelo, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,s/4, hana, cloud, marketing, integration, locked, unlock , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , Problem

Product

SAP Analytics Cloud 1.0