
Side-by-side extension with APIs that don't support OAuth2

jenny_slay
Participant
0 Kudos

Hi All,

We are developing a Fiori app with the side-by-side extension option for our S/4HANA Cloud system. We want to have single sign-on for our newly built Fiori app. We are using two APIs: Purchase Order (scenario SAP_COM_0053) and Material Document (scenario SAP_COM_0108). The Purchase Order API supports OAuth2, whereas the Material Document API doesn't support OAuth2. Material Document only supports Basic and x509.

Is it possible to create a Fiori app with single-sign-on features with x509 Authentication Methods?

Do we need to create two separate SAP BTP destinations, one with OAuth2 for Purchase Order and another with x509 for Material Document, for our Fiori app?

Regards, Jenni

quovadis
Product and Topic Expert
0 Kudos

Hello Jennifer,

I am managing this with SAP API Management - I have created separate products or groups of APIs for those S4HC ODATA APIs that support OAuth2.0 with SAML2 bearer assertion and for those S4HC ODATA APIs that only support basic authentication (or client x.509).

With APM I have also found a convenient tool/workbench to promptly test S4HC APIs from different communication scenarios...

I hope that helps...

best wishes, Piotr

Accepted Solutions (1)


quovadis
Product and Topic Expert
0 Kudos

Hi Jennifer,

I appreciate your comments and thanks for reading my blog.

Here is the freshly published blog post: How to generate SAML bearer assertion token with SAP BTP Destination Service?

The SAML bearer assertion generation method that I describe, i.e. leveraging the destination service, can work with both S/4HANA on-premise and S/4HANA Cloud.

If you have any questions regarding this approach or encounter a problem during your testing, please use the blog post comment section so I or other colleagues from the community can help.

thanks. Piotr

PS.

You may also have a look at the entire line-up of the blog posts on the OAuth2SAML2Assertion

Answers (3)


jenny_slay
Participant
0 Kudos

Hi Piotr,

Much appreciated for your help. I will go through the blog. Thanks.

Regards, Jenni

jenny_slay
Participant
0 Kudos

Hi Piotr,

Thanks for your reply. The blog on OAuth2SAMLBearerAssertion is very helpful and informative.

I would appreciate it if you could provide some documents or a URL that I can follow to create a destination with SAML Bearer Assertion authentication for S4HANA Cloud. Thanks.

Regards, Jenni

quovadis
Product and Topic Expert
0 Kudos

Hello Jennifer,

I have come up with the following solution.

a. Use the OAuth2SAML2 bearer assertion flow with the OAuth2.0-enabled S4HC ODATA APIs, as I describe in this blog post: OAuth2SAMLBearerAssertion Flow with the SAP BTP Destination Service. S/4HANA Cloud.

b. Use the SAML Bearer Assertion authentication with the APIs which are not OAuth2.0 enabled.

Regarding the latter point, I was able to implement it with the Material Document (Scenario SAP_COM_0108) API you are referring to. In a nutshell, you can either use the SAP BTP Destination service to generate the SAML bearer assertion for your ACS endpoint (=your SAML recipient) or APM. (I did it both ways.)

I hope that helps. best regards, Piotr