Skip to Content

Principal Propagation with external user ID mapping

Hi Guys,

I have done all the necessary configuration in Cloud connector, SCP destination and External ID mapping in ECC.

When try to access Gateway odata service using WEBIDE, Prompt is asking for ECC user name and password. But i need to access gateway services with the ECC password according to principal probagation.

Please help me to find what i have missed in the configuration.



Add comment
10|10000 characters needed characters exceeded

1 Answer

  • Posted on Jun 06, 2019 at 08:41 PM

    Dear Balasubramanian,

    Most of the similar issues are causes by misconfiguration, please see some prerequisites:

    -Make sure that the SAP Cloud Platform application is authenticated with SAML, in HTTP destination Principal Propagation is set.
    Make sure that in SAP Cloud Connector the Principal Type is set to X.509 Certificate for the corresponding on-premise system.
    -The following guide is a good hint to check the configuration:

    In case all these steps are done you need to troubleshoot the issue by turning on debug traces:

    -Turn all logs to debug in logs and traces of SCC UI
    -Turn on ABAP security trace
    -Turn on level 3 ICM trace
    -Then reproduce the issue

    Once you have the logs most of the troubleshooting steps are described in the wiki:

    and in the Guided Answers (you can find the link in the KBA):

    KBA: 2701137 - SAP Cloud Connector - Guided Answers -> Open "SAP Cloud Connector - Guided Answers" -> HTTP request from Cloud platform to on-premise system -> Backend system responses with 401 HTTP code

    However, you get user popup but in the background logic it is a 401 http response in case Principal Propagation is set.

    Best Regards,
    Barnabás Paksi

    Add comment
    10|10000 characters needed characters exceeded