Skip to Content
author's profile photo Former Member
Former Member

HCI OData Provisioning connecting Backend with SSO

Hi everyone,

I am trying to configure a destination to my ERP using SAP Single Sign On as authentication on HCI OData Provisioning.

I've already succeeded in configuring the destination to ERP with basic authentication but the documentation to do the same with SSO is not clear.

I am using an HTTP connection to my Back-end ABAP ERP on Cloud Connector.

What i'm trying to accomplish is, that users log into Hana Cloud with their scn accounts and then Hana propagates that credentials to ERP and associates that to a SAP ERP user like in Principal Propagation Authentication.

I tried to configured SAP Single Sign On to achieve this but i am not sure wich steps should i do.

On this screen:

If i want to use SAP ID Service as idp, what should I put in Issuer System ID and Isuer Client? and in Certificate/Singing Key?

Same question to this steps:

Could someone give me some help?



Captura.PNG (32.7 kB)
Captura2.PNG (35.9 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Jul 01, 2015 at 07:35 AM

    Hello Andres,

    please take a look at the Cloud Connector pages for Principal Propagation: SAP HANA Cloud Platform (and sub-chapters). I hope that should answer most of your questions. Let us know, if you still need help with some particular questions.

    Best Regards, Ulrich

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Ulrich,

      Thank you. However, HCI Odata provisioning does not allow the usage of principal propagation (like HCP Destinations does). It only accepts SAP Assertion SSO.

      I finally got it working despite HCI Odata Provisioning poor documentation. For the ones that are looking for the same thing:

      It doesn't matter what you put in Issuer Client and System ID, as long as you put the same in ACL on ERP, also the certificate and signing key are a self-signed DSA certificate created by you.

      Regards ,

      Andres Nebel

  • author's profile photo Former Member
    Former Member
    Posted on Jul 20, 2016 at 01:02 PM

    Hi Andres,

    I am also trying to perform the same steps.

    I have generated self-signed certificates(HCC_ROOT and HCC_Intermediate) on hana cloud connector through openssl.

    Can you please suggest what values should be entered to below fields:

    1) Certificate

    2) Signing Key

    Thanks in andvance..!!


    Khushbu Prajapati

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 20, 2016 at 05:42 PM

    Hi Anders,

    Can you please provide reference document of SAP Assertion SSO. Configuration.

    We have followed

    How to Configure HCPms for Principal Propagation to SAP ABAP or Java Based Systems but unfortunately no success.

    Thanks in advance..


    Meghal Shah

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.