10-09-2020 1:50 PM
Hi,
We have an ABAP application to get the data from the Exchange Online server (Microsoft EWS), and for this we have used the EWS web service and Basic authentication (RFC). But we want to change the authentication type from RFC to OAuth 2.0.
I have already implemented OAuth 2.0 in SAP ABAP and it is user/delegation based. The problem with this permission type is that every user has to log in individually and request the access token, and also some of the features are not working. So the alternative is to use the application-based permission type. Is it feasible in SAP ABAP?
Application based means there will be one token (it will be requested by the administrator) and this token will be used by all the users for authentication.
Is SAML 2.0 bearer assertion an alternative?
Your suggestion would be very helpful. Please assist me.
Best Regards,
Sanjay Naik.
10-17-2020 10:45 PM
This should work if I understand the requirement correctly. The services would be authenticating with OAuth and the users would be using the SAML Bearer to authenticate to maintain the audit trail. As long as the users are in the IDP that has been trusted with the SP (ABAP) then it should work. They couldn't use the same token as such but they would use the SAML to authenticate.
10-17-2020 11:23 PM
Hi sanjay_naik,
SAML is one of the feasible solutions:
https://help.sap.com/doc/saphelp_nw74/7.4.16/en-us/4a/112f1a2228101ee10000000a42189b/frameset.htm
Here is one Business example for reference:
Also, OAuth 2.0 Scopes could come in handy:
Cheers,
Luis
10-27-2020 11:44 AM
Hi luedazfr1,
Thanks for your suggestion.
SAML will not be suitable for our application. So we are using the OAuth 2.0 auth code grant and the OAuth 2.0 client credentials grant. Both flows are working, but in both flows we need to send the client secret (this we will get from Microsoft Azure) while requesting the access token code. I don't know how to send the client secret. Is it to be encrypted? In the Microsoft documentation it is given that the client secret should be URI encoded.
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Best Regards,
Sanjay
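
Added example (not part of the original thread, and not SAP or Microsoft sample code): how the client secret travels in a client credentials token request to the Microsoft identity platform v2.0 endpoint. The secret is form URL-encoded in the POST body and protected by HTTPS, not separately encrypted. The tenant, client ID, secret and the EWS `.default` scope below are constructed placeholder values, and the helper names are hypothetical.

```python
from urllib.parse import urlencode, parse_qs

# Assumed values for illustration only; none of these come from the thread.
TENANT = "TENANT_ID_PLACEHOLDER"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder app (client) id
CLIENT_SECRET = "aB3.x+Yz/9&k=Q%7"                   # constructed secret with reserved characters
EWS_SCOPE = "https://outlook.office365.com/.default"  # assumed app-only scope for EWS


def build_token_request(tenant, client_id, client_secret, scope):
    """Return (url, headers, body) for a client credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode percent-encodes every value. The client does not encrypt the
    # secret itself; confidentiality comes from the HTTPS connection.
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    return url, headers, body


def naive_body(client_id, client_secret, scope):
    """Broken variant: raw string concatenation without encoding."""
    return ("grant_type=client_credentials&client_id=" + client_id +
            "&client_secret=" + client_secret + "&scope=" + scope)


def secret_seen_by_server(body):
    """Decode a form body the way a token endpoint would."""
    return parse_qs(body, keep_blank_values=True).get("client_secret", [""])[0]


def redact(body):
    """Mask the secret before the request body is written to a trace or log."""
    return "&".join("client_secret=***" if p.startswith("client_secret=") else p
                    for p in body.split("&"))


if __name__ == "__main__":
    url, headers, body = build_token_request(TENANT, CLIENT_ID, CLIENT_SECRET, EWS_SCOPE)
    print(url)
    print(redact(body))
    print("encoded round-trip ok:", secret_seen_by_server(body) == CLIENT_SECRET)
    print("naive body yields:", secret_seen_by_server(naive_body(CLIENT_ID, CLIENT_SECRET, EWS_SCOPE)))
```

Without encoding, characters such as `+` and `&` in the secret are reinterpreted by the server and the request fails with an invalid-client error even though the stored secret is correct.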
10-27-2020 12:59 PM
Greetings sanjay_naik,
Our fellow community member Divya Mary has created this blog, which should shed light on your topic of how to send the client secret.
Secure connectivity (OAuth) to SAP Cloud Platform Integration
https://blogs.sap.com/2018/03/12/part-1-secure-connectivity-oauth-to-sap-cloud-platform-integration/
Cheers,
Luis
01-03-2023 9:52 AM
Hi Sanjay,
I know this is an old post. But did you manage to connect to EWS with OAuth without having each user logging in?