Principal-propagation authentication in connectivity service in SCP

raffinkira
Participant
0 Kudos

Hi all,

We have a UI5+ABAP system and we are using principal propagation authentication in the connectivity service.

I have a question about principal propagation. Please take a look at the below picture.

My question is, does Cloud Connector interact with SAP idp service when data transfers from UI5 application to on-premise SAP system?

Besides, I would be very appreciative if someone could explain "principal propagation" in some simple words.

Accepted Solutions (1)

pjcools
Active Contributor
0 Kudos

Hi Ming

Not sure what you mean about Cloud Connector interacting with the SAP iDP service - the userid would be passed through to the Cloud Connector essentially if the X509 certificate setting is made in the Access Control settings.

In simple terms I would say Principal Propagation is the security method of identifying the user from the Cloud (the iDP being utilised to authenticate into the Fiori Launchpad or HTML5 applications) all the way through to backend systems (SAP Business Suite, S/4HANA, SAP HANA DBs, etc.).

Plenty of information on the various security methods here -> https://cloudplatform.sap.com/scenarios/techguides.html

Hope this helps!

Thanks

Phil Cooley

raffinkira
Participant
0 Kudos

I mean if Cloud Connector would verify the user who requested the back-end service from IDP service.

I think the verification should also be made when requesting data from back-end server, through IDP service.

Please correct me if I am wrong.

raffinkira
Participant

After going through "https://cloudplatform.sap.com/scenarios/usecases/principal-propagation.html", I think I figured it out.

The IdP service and Cloud Connector do have a connection.

"Once the user has been verified against an identity provider (IdP), a SAML assertion token is passed to the cloud connector to generate a short-lived certificate, that can be passed along with the request to the back-end system."
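The short-lived certificate pattern in the quoted sentence, as an added example that is not part of the thread and not SAP code: a generic model using the Python `cryptography` package, in which an issuer holding a CA key mints a certificate for an already-authenticated user and the back end accepts it by checking the CA signature, validity window and lifetime, without calling the IdP. Function names, the 5-minute lifetime, the 10-minute cap and the sample user ID are assumptions; SAML handling and the TLS handshake are not modelled.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue_user_cert(ca_key, ca_cn, user_id, now, lifetime_s=300):
    """Issuer side (hypothetical): short-lived cert whose subject CN is the user ID."""
    subject_key = ec.generate_private_key(ec.SECP256R1())  # key use in TLS not modelled
    return (x509.CertificateBuilder()
            .subject_name(_name(user_id)).issuer_name(_name(ca_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(seconds=lifetime_s))
            .sign(ca_key, hashes.SHA256()))

def _when(cert, attr):
    # cryptography >= 42 exposes aware *_utc properties; older releases return naive UTC
    v = getattr(cert, attr + "_utc", None)
    return v if v is not None else getattr(cert, attr).replace(tzinfo=UTC)

def backend_accept(cert, trusted_ca_pub, now, max_lifetime_s=600):
    """Back-end side (hypothetical): return the propagated user ID, or None if rejected."""
    try:
        trusted_ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                              ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return None                      # not signed by the trusted issuer
    start, end = _when(cert, "not_valid_before"), _when(cert, "not_valid_after")
    if not (start <= now <= end):
        return None                      # expired or not yet valid
    if (end - start).total_seconds() > max_lifetime_s:
        return None                      # lifetime longer than policy allows
    cns = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    return cns[0].value if len(cns) == 1 else None

if __name__ == "__main__":
    ca_key = ec.generate_private_key(ec.SECP256R1())         # constructed test CA
    t0 = datetime.datetime(2024, 1, 1, 12, 0, tzinfo=UTC)    # constructed timestamp
    cert = issue_user_cert(ca_key, "Constructed Connector CA", "JDOE", t0)
    print(backend_accept(cert, ca_key.public_key(), t0 + datetime.timedelta(minutes=1)))
```
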

Answers (0)