cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Cloud Connector - Authentication Mechanism for Non-SAP System(s)

Go to solution
SAPSupport
Employee
Employee

on ‎03-01-2022 4:14 PM

0 Kudos

Hello Team,

We wanted to know what are alternative options available to Principal Propagation for non-SAP systems. As per our understanding, Principal Propagation only works with SAP systems.

Your help in this matter will be highly appreciable.

Thanks & Regards,


------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.
Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

SAPSupport
Employee
Employee
‎03-01-2022 4:14 PM
0 Kudos

Hi,

Presently principal propagation is only available for on-premise Abap and java servers. Please see:

https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/c84d4d0b12d34890b334998185f...

Basic authentication is what other customers use for authentication to other servers.

Kindly also check SAP Note ##11 - Requested function is not in standard system on how you can influence this development request.

Show replies
Show replies
gregorw
Active Contributor
‎03-01-2022 7:58 PM
0 Kudos

Don't get the point why certificate authentication using X.509 certificates shoul only be supported for ABAP and NetWever Java. Why should other backends not implement it?

Answers (1)

Answers (1)

AntalP
Product and Topic Expert
Product and Topic Expert
‎03-01-2022 4:33 PM
0 Kudos

Hi,

Principal propagation via client certificate is supported only for ABAP systems, for non-SAP systems Kerberos can be used

https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/f2339d896587464ab703564fd68...

"
When you now call a backend system, the Cloud Connector obtains an SPNego token from your KDC for the cloud-authenticated user. This token is sent along with the request to the back end, so that it can authenticate the user and the identity to be preserved.

"

When the non-SAP system supports SPNego the above configuration can be used.

Best regards,

Antal

Show replies
Show replies
MarkusTolksdorf
Product and Topic Expert
Product and Topic Expert
‎03-02-2022 8:22 AM

Hi,

if the non-SAP backend supports X.509 certificate logon with trust via TLS client certificate and the true certificate is passed via SSL_CLIENT_CERT header, a customer can certainly use it. What we as SAP cannot deliver then is support for the backend side in case configuration is not working as expected or shows true issues in processing. However, even for ABAP systems, HANA and NetWeaver AS Java explaining the configuration again in a support incident is not really support, but consulting that is done, where to find the relevant elements in the documentation and how to do trouble shooting.

Best regards,
Markus

gregorw
Active Contributor
‎03-02-2022 4:14 PM
0 Kudos

Thank you Markus for the clarification. I have a customer that is using the X.509 certificate authentication in it's on Java (not NetWeaver) based application. And it works just as a charm.

Ask a Question