
SAP Cloud Connector Principal Propagation

raffinkira
Participant
0 Kudos

Hi experts,

I have questions about this topic. In my scenario, I have an application that is on the cloud and an on-premise SAP system; Cloud Connector is being used. I have read through the tech guide: https://cloudplatform.sap.com/scenarios/techguides.html

In a nutshell, can I just say Principal Propagation is used to make sure the caller of the SAP system is a validated and session-alive user in the cloud platform?

If it is true, does the user name have to be the same for the cloud platform and the SAP system?

Accepted Solutions (0)

Answers (1)

pjcools
Active Contributor
0 Kudos

Hi Ming

As I said in one of the other questions - Principal Propagation is the mechanism by which a user is identified from the cloud (based on an identity provider login) all the way back to the SAP on-premise system. Most of the time, the userids are NOT the same. For example, an identity provider login may be firstname.lastname@companyA.com.au, which represents myself in the identity provider (or Active Directory in most instances), whereas my userid in the SAP on-premise system may be PCOOLEY. There are ways to map these two so you know for sure they match - this can occur in transaction EXTID_DN or via a short-lived certificate generated in the Cloud Connector.

This is a major security topic and is for the most part tricky to set up, but there is a lot of documentation out there now on this security method.

Best of luck

Thanks

Phil Cooley
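
The mapping described in the answer above, as an added Python illustration that is not part of the original post and is not SAP code: the subject of a short-lived certificate is matched against an explicit table of external IDs, and anything expired, malformed or unmapped is rejected instead of being guessed from the login name. The table contents, the function names and the case-folding rule are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample table (hypothetical): external ID (certificate subject DN)
# -> on-premise user, standing in for the assignments an administrator maintains.
EXTID_TO_SAP_USER = {
    "CN=firstname.lastname@companya.com.au": "PCOOLEY",
}

def split_dn(dn):
    """Split a DN string into RDNs, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Canonical form used as lookup key (assumption: values are case-folded)."""
    rdns = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        rdns.append("%s=%s" % (attr.strip().upper(), value.strip().lower()))
    return ",".join(rdns)

def resolve_sap_user(subject_dn, not_before, not_after, now=None,
                     table=EXTID_TO_SAP_USER):
    """Return the mapped on-premise user, or None. Fails closed in every other case."""
    now = now or datetime.now(timezone.utc)
    if not (not_before <= now <= not_after):
        return None  # short-lived certificate is outside its validity window
    try:
        key = normalize_dn(subject_dn)
    except ValueError:
        return None  # malformed subject: never fall back to a guessed user
    return table.get(key)  # whole DN must match, not just the CN
```
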