	Product(s):	APM Implementation and Performance Management
	Version(s):	7.11 +
	Environment:	N/A
	Area:	N/A
	Subarea:	N/A

Problem Description

User environment is integrated with SAP via SAP Gateway (CMMS Interoperability). When the user acknowledges alarm with a Notification, the user received the following error, "Ivara.EXPLink.IVSTAGE.ApmToSapWebRequestException: CSRF token validation failed at …".

Solution

After confirming that the user has set-up the ZAAPM External Data Service in SAP is set-up with Basic Authentication. It was found that sending the web requests through the http port was not working. The User had both HTTP and HTTPS web services set-up in SAP. The user's APM smart-client application server service was set-up to HTTPS but the SAP External Data Provider URL was set to HTTP. Change the APM External Data Provider's Url to HTTPS and using the proper port for the SAP ZAPM External Data Provider service addressed the issue.

It is important to note, that for this user the ?SPnego=disabled parameter was removed from the Base Service Url, as for this specific user instance was not set-up with complex authentication such as Kerberos or SSL. The SPNego parameter may have to be used in some user environments where their SAP authentication is set-up differently.

Also note, if an SAP Network Gateway hub system is configured to support SSL because of security reasons, your system administrators will also configure it to automatically redirect all HTTP requests to HTTPS to secure your system fully. The redirect setting is done by the instance profile parameter "icm/HTTP/redirect_xx". If you want to use HTTP for tests, you have to ask your system administrators to remove this redirect setting. Do not forget to set the instance profile parameter "login/ticket_only_by_https" to 0.

Alarm Acknowledgement SAP Notification fails due to CSRF Token Authentication in SAP Gateway (CMMS I

Problem Description

Solution

See Also