Skip to Content

Security SICF for external use?

Aug 05, 2017 at 01:31 AM


avatar image

What is the proper method for security a SICF web service for consumption by external applications?

Currently it's setup to use SAP authentication for our normal use to restrict the data that is pulled but I need a option b for applications to access the service. Is there a way to crate a oauth type of token to be used?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Frank Schuler
Aug 06, 2017 at 05:25 AM

Hello Vi,

The OAuth 2.0 implementation in AS ABAP supports two kinds of OAuth 2.0 flows as defined in the OAuth 2.0 specification:

  • SAML 2.0 Bearer Assertion Flow
  • Authorization Code Flow

OAuth 2.0 - Constrained Authorization and Single Sign-On for OData Services

Another option would be to expose your service via NetWeaver Gateway:

NetWeaver Gateway Service Enabling and OAuth 2.0 Scope Creation

Best regards


Show 1 Share
10 |10000 characters needed characters left characters exceeded

Frank, I'm looking at the 2nd link you provided about the Scope Creation. How would my custom service that I created within SICF appear in the "Active / Maintenance Services" screen of SPRO? Do I need to make a corresponding service within SOAManager for my custom SICF service?