cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Cloud SDK - Principal Propogation & Cloud Connector

Go to solution
vfweiss
Participant

on ‎02-13-2020 1:28 PM

0 Kudos

Hello All,

We have been using the SAP Cloud SDK with a service user to our on-premise backend, so far so good.
However now we are trying to enable Principal Propagation.

So we set the destination to On Premise and the Authentication method to PrincipalPropagation.

However this causes the Execute to fail, with the thrown error:

Failed to build authorization header for the given destination. Make sure to either correctly configure your destination for principal propagation, provide both a username and a password or select "NoAuthentication" in your destination configuration.

I found that this came from buildAuthHeader in the authorization-header.js as the case 'PrincipalPropagation' isn't covered.
Is it possible to use PrincipalPropagation with the SAP Cloud SDK to an On Premise system? And if so, what am I missing? 😄

Thanks in advance,

Vincent

Show replies
Show replies
dhem
Active Participant
‎02-13-2020 1:33 PM

Hi Vincent, we are aware that this is currently not working properly in the SAP Cloud SDK for JavaScript and are already tracking it in our backlog. Is this a critical issue for you or is it possible to work around it for now?

vfweiss
Participant
‎02-13-2020 1:35 PM
0 Kudos

If it's fixable by using a workaround by adding custom headers, I could try that, but I don't know how and what exactly I should do in that case. (Was thinking set to No Authentication and add custom stuff, but so far I haven't got that working).

Else we need to switch to a Service User, but for traceability that is not the preferred way. (Manually forward Username and update it in SAP after and such).

dhem
Active Participant
‎02-13-2020 1:47 PM

This may sound strange, but can you try the following: I'm assuming you're already passing the user's jwt when executing the request (otherwise principal propagation won't work anyway). Can you set the authentication to "NoAuthentication" and see what happens then (i.e. without doing anything else in terms of custom headers and so)?

vfweiss
Participant
‎02-13-2020 2:09 PM
0 Kudos

That seems to be working indeed 🙂

dhem
Active Participant
‎02-13-2020 4:08 PM

Glad to hear it worked! I'll write that up in the answer, just to make the workaround more visible to others. We will fix this in an upcoming release.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

frank_essenberger1
Employee
Employee
‎04-03-2020 10:24 AM

I also put this as an answer, because in a comment this could be overseen. We fixed the bug in the SDK that now also with AuthenticationType "PrincipalPropagation" the user should be propagated. The old work around using "NoAuthentication" keeps working in the versions 1.X.Y of the SDK. We plan to remove this from version 2.X.Y onwards.

Show replies
Show replies
vfweiss
Participant
‎04-03-2020 10:42 AM
0 Kudos

Thank you Frank. Also switched this as the Active Answer now, so people can see the most up to date information on top. 🙂

Answers (1)

Answers (1)

dhem
Active Participant
‎02-13-2020 4:09 PM

Principal propagation with SAP S/4HANA OnPremise is currently slightly buggy. You can work around it by changing the AuthenticationType from "PrincipalPropagation" to "NoAuthentication" and keeping the rest of the configuration as is.

Show replies
Show replies
marcmaurí
Participant
‎03-04-2020 11:04 AM
0 Kudos

Hi Dennis,

Let me take advantage of your answer to launch a related question.

Does this solution also apply when the target is an S/4 Hana Cloud system?

Thanks in advance.

Best regards,

Marc

dhem
Active Participant
‎03-04-2020 11:19 AM
0 Kudos

Hi Marc,

no, this won't help you when it comes to SAP S/4HANA Cloud. There is an execellent blog post by my colleague Marco on how to configure principal propagation with S/4HANA Cloud. However, I see that you've already commented on this blog post. Are there problems that you're currently facing with principal propagation?

Best regards,
Dennis

marcmaurí
Participant
‎03-04-2020 12:59 PM
0 Kudos

Thank you very much Dennis!
I tried to implement principal propagation a few months ago with a java app, but I didn't get success and I set basic authentication.
Now I'm back to it, but trying to implement it in a nodejs CAP based application. I will follow the blog again and in case of any problem, I will let you know.
Kind regards,
Marc

frank_essenberger1
Employee
Employee
‎04-03-2020 10:23 AM
0 Kudos

We fixed the bug in the SDK that now also with AuthenticationType "PrincipalPropagation" the user should be propagated. The old work around using "NoAuthentication" keeps working in the versions 1.X.Y of the SDK. We plan to remove this from version 2.X.Y onwards.

Ask a Question