Hi Experts,
I am trying to configure RBA in SAP CIS for restricting the access of application limited to series of IP addresses (internal to a network).
While configuring the RBA, there are 2 options one is IP Range and another is Forwarded IP range.
As per the documentation, we need to provide IP range in the IP range field to define a range of IP addresses that authentication requests to Identity Authentication can be sent from. And for Forwarded IP range field, we need to define a range of IP addresses for the original IP addresses that authentication requests to Identity Authentication can be sent from. This range is used in conjunction with IP Range in scenarios where authentication requests to Identity Authentication are made by a proxy on-behalf of the user/client. And for this IP Range field needs to be defined first.
So, the question here is, if I need to limit the access to IP address which are specific to intranet (internal network IP addresses), do I still need to define public IP address range from where application would be accessed. For example, if I am defining a rule with allow authentication action and in IP Range field in I am providing internal IP address range like 10.21.0.0/16 and then try to access the application. It is not allowing me to access it and gives me error message.
However, when I insert the public IP address of my machine with CIDR range in the IP Range field I am able to access the application. So does it mean that I need to provide public IP address range in IP Range field and Internal IP address range in Forwarded IP range field for this scenario to work.
Working inputs:
Not working inputs:
Let me know how it works and any hints of how it can be configured.
Thanks
- SAP Managed Tags:
Accepted Solutions (0)
Answers (0)
| User | Count |
|---|---|
| 68 | |
| 8 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.