Xiting SAP Security Blog

The Changes of the REST API v2 in SAP Identity Management SP06 at a glance

The new Service Pack 6 for SAP Identity Management (IDM) 8.0 was released in February 2018. Many changes affect version 2 of the SAP Identity Management REST interface (REST API v2). This blog lists and explains all changes to REST v2 in SP06. In addition, we provide information on how to use these changes in Fiori applications, using examples from our SAP Fiori Xiting Starter Pack for Identity Management.

The biggest change is that the open-source odata4j library has been replaced by the Apache Olingo library in the OData 2.0 Java library. It uses Open Data Protocol (OData) v2 and supports both XML-based and JavaScript Object Notation (JSON) formats.

By default, access to REST API v2 is limited to HTTPS, and for security reasons HTTPS is the recommended transport for communication with REST API v2. However, HTTP access to REST API v2 can be enabled by setting the Java system property v2.AllowHttp to true for the restapi-ear application:

Allow access to REST API v2 with HTTP

The previous version of REST API v2 supported the &selectSetSVAttributes keyword to filter out empty return values. This option is no longer supported by the new version. Instead, the Java system property v2.ReturnNullValuesInResponse for the restapi-ear application must be set to false:

Filter out “NULL” values

Compared to the previous version of the REST API v2, the new REST API v2 provides stronger and more meaningful error handling. You will receive a clear error message, as in this example from our SAP Fiori Xiting Starter Pack for IDM when creating and modifying users. In this case, a manager loop was detected:

Error message when looping the manager assignment

Other new features of the new REST API v2 include creating new identities, listing identity types, and invoking assignment histories and referenced hierarchies. Everything is described in detail in the following SAP documentation:

The functions for creating new users, displaying the assignment history of business roles and privileges, and displaying the hierarchy of business roles have been implemented in our SAP Fiori Xiting Starter Pack. In our previous blog about the SAP Fiori Xiting Starter Pack, we already explained the individual apps in detail. Here is a screenshot of the app for creating a new user:

HTTPS Post request to create new user

In this app, a user can be created with general information such as display name, first and last name, validity, salutation and user type, with reference values such as manager and company address, and with business roles and privileges.

The entered data is sent via an HTTPS POST request to the endpoint /idmrestapi/v2/service/ET_MX_PERSON. This POST request contains the HTTP header “X-HTTP-METHOD: MERGE” and looks like this:

HTTPS request for creating a new user
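
An added example, not code from the Xiting Starter Pack or from SAP: a JavaScript helper that assembles the request described above, refuses any base URL that is not HTTPS, and reads the message out of an OData v2 JSON error body such as the manager-loop error. The host name, the attribute names in the sample payload and the sample error text are assumptions.

```javascript
'use strict';

// Endpoint named in the post; everything else below is illustrative.
const PERSON_ENDPOINT = '/idmrestapi/v2/service/ET_MX_PERSON';

// Constructed sample payload. The attribute names are assumptions and
// must be matched to the identity store schema of the target system.
const SAMPLE_USER = {
  MSKEYVALUE: 'JDOE',
  DISPLAYNAME: 'Jane Doe',
  MX_FIRSTNAME: 'Jane',
  MX_LASTNAME: 'Doe',
};

// Build the create-user request. Plain HTTP is rejected on the client side
// so identity data and credentials are never sent unencrypted, even if
// v2.AllowHttp has been switched on at the server.
function buildCreateUserRequest(baseUrl, attributes) {
  const url = new URL(PERSON_ENDPOINT, baseUrl);
  if (url.protocol !== 'https:') {
    throw new Error('REST API v2 must be called over HTTPS, got ' + url.protocol);
  }
  return {
    url: url.toString(),
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'X-HTTP-Method': 'MERGE', // OData v2 method override sent with the POST
    },
    body: JSON.stringify(attributes),
  };
}

// Extract the human-readable text from an OData v2 JSON error body:
// {"error": {"code": "...", "message": {"lang": "en", "value": "..."}}}
function readODataError(responseText) {
  try {
    const err = JSON.parse(responseText).error;
    if (err && err.message) {
      return typeof err.message === 'string' ? err.message : err.message.value;
    }
  } catch (_) {
    // Body was not JSON (for example an HTML error page from a proxy).
  }
  return 'Unexpected error response';
}
```

The returned object can be passed to whichever HTTP client the app uses; authentication headers are left to that client.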

After the new user is created, the Display User app is called automatically:

View user details

In this app, the end user has access to the history of the assignments, e.g. who requested the authorization and who approved it:

History of an assignment

In addition, the hierarchies of business roles are displayed:

Hierarchy of a business role

The new REST API v2 provides meaningful new features, such as creating new identities, viewing reference histories and hierarchies, and listing all the entry types of an IDM system. With these new features, your Fiori apps can be enhanced to work better with your IDM system and to replace the old Web Dynpro UI.

Our Experts

Chen Chen

Chen is a Junior SAP Security Consultant at Xiting GmbH in Germany with a strong focus on SAP Identity Management.

Fabian Honervogt

Fabian started his work in the field of IT with an apprenticeship in 2006. Since 2015 he has been an SAP Security Consultant at Xiting GmbH in Germany with a strong focus on SAP Identity Management and SAP Fiori.