
Connect S/4 HANA OnPremise to SAP Cloud Platform using OAuth2SAMLBearerAssertion

former_member73143
Discoverer

Hi,

We are trying to connect an S/4 HANA OnPremise system to SAP Cloud Platform using OAuth2SAMLBearerAssertion. We have exposed OData services in S/4 HANA using SAP NetWeaver Gateway and enabled OAuth for these services.

Also, we have added our SCP's local provider as a trusted OAuth2 IdP in the S/4 HANA system. We have also created an OAuth client in the S/4 system with Grant Type - SAML 2.0 Bearer. The OAuth client accepts email id as the nameIdFormat.

I have maintained the following destination configuration -

  • URL - Virtual Host configured in Cloud Connector. Points to S/4 OnPremise system.
  • Audience - Local Service Provider configured in S/4. Also tried using the token URL.
  • Token URL - Access Token URL exposed by Auth server.
  • Client Key/Token Service User - OAuth2 Client created in S/4 system
  • authnContextClassRef - urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
  • nameIdFormat - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • scope - As configured for OData service

When we use this destination in Web IDE, we get a 500 Internal Server Error. Are we missing anything in the configuration on the S/4 side or in SCP?

Note - Basic Authentication works fine for the above scenario. So the cloud connector setup is fine.

Regards,

Piyush

Accepted Solutions (0)

Answers (1)

gregorw
Active Contributor
0 Kudos

As you have the Cloud Connector in place, I would suggest that you use Principal Propagation instead of OAuth2SAMLBearerAssertion. For that, just follow the documentation: Configure Principal Propagation to an ABAP System for HTTPS