Connection between AWS AppFlow and SAP OData fails with error 401


Hi all,We are currently connecting to the OData interface located inside the VPC through Appflow, referring to SAP's blog, and currently receiving the following error:

Error authenticating to connector: Unauthorized request: msg=The request to SAP failed with the status code: 401 and error message: Unauthorized.

On the common errors page for AppFlow I can't find this error and also searching community forums didn't really help so far. Has anyone ever experienced this problem or has any suggestion how to resolve this? Any help is very much appreciated.


1 Answer
Accepted Answer

Hi Liuyang, When attempting to connect to a SAP system using the Appflow SAP connector, the following scenarios can result in error code 401:

  1. The basic authentication credentials provided in the connection parameters are not correct. When the basic authentication parameters are not keyed in correctly, SAP will reject the request with HTTP error code 401.

  2. The SAP user that is used for establishing the connection is locked or does not exist. Please verify the SAP user data to ensure the user is not locked and has all the required permissions.

  3. The SAP system has been configured for single sign-on (SSO) using the SAML IDP provider, or it has been configured for Kerberos. Appflow currently supports Basic and OAuth 2.0 as authentication mechanisms. If your SAP system is configured for SSO, switch to OAuth 2.0 as the authentication mechanism. If you use basic authentication when setting up your SAP system for SSO, SAP will not execute the basic logon as part of the logon procedure.

  4. When establishing a connection via private link, make sure the network load balancer is highly available and has been enabled for cross-zone load balancing. Additionally, ensure the target group does not preserve the client IP address when forwarding the traffic to your target IP. If these are not configured accordingly, it can lead to 401 errors.

  5. Your security groups associated with SAP instances do not allow traffic from the load balancer on the required HTTP/HHTPS ports; this can lead to a 401 error. Ensure your security groups associated with SAP allow traffic from the load balancer on the required HTTP and HTTPS ports.

Hope this helps.

answered a year ago
profile picture
reviewed 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions