Skip to Content

Security SICF for external use?

What is the proper method for security a SICF web service for consumption by external applications?

Currently it's setup to use SAP authentication for our normal use to restrict the data that is pulled but I need a option b for applications to access the service. Is there a way to crate a oauth type of token to be used?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Aug 06, 2017 at 05:25 AM

    Hello Vi,

    The OAuth 2.0 implementation in AS ABAP supports two kinds of OAuth 2.0 flows as defined in the OAuth 2.0 specification:

    • SAML 2.0 Bearer Assertion Flow
    • Authorization Code Flow

    OAuth 2.0 - Constrained Authorization and Single Sign-On for OData Services

    Another option would be to expose your service via NetWeaver Gateway:

    NetWeaver Gateway Service Enabling and OAuth 2.0 Scope Creation

    Best regards


    Add comment
    10|10000 characters needed characters exceeded

    • Frank, I'm looking at the 2nd link you provided about the Scope Creation. How would my custom service that I created within SICF appear in the "Active / Maintenance Services" screen of SPRO? Do I need to make a corresponding service within SOAManager for my custom SICF service?