
Transitioning to Certificate-Based Authentication for your EC Payroll and SAP Integration Suite Integration
Discover the shift in cybersecurity as SAP recommends certificate-based authentication over traditional username/password methods.
As you may know, SAP advises using certificate-based authentication instead of user/password authentication, and they have good reason to do so. Because compared to the traditional username and password combination, it's a far more secure option.
So, the purpose of this blog is to instruct you on configuring the client certificate-based authentication between EC Payroll system and SAP Integration Suite.
I know (and understand) that most people can follow a guide from SAP. But as you can see, the SAP Help page has an extensive amount of content. Therefore, the goal of this blog is to help you to visualize what SAP is describing in its configuration guide.
References:
These steps are similar if you have previously configured the Point-to-Point data replication between EC Payroll and SuccessFactors applications.
Here comes the tricky parts.
The following actions must be taken if you are unlucky enough that all necessary services have already been enabled in SAP BTP.
Under your subaccount’s entitlements, add a new service plan.
Search for the service Process Integration Runtime, and then select the below plans.
Save it.
Go to Services & Instances and Subscriptions, then click Create.
Under the new instance creation, select the below information.
You can use the default values under the parameters tab. Technically, the role ESBMessaging.send will be granted to those who have the client certificate.
Now, we are ready to create it.
Under the newly created instance, click on Create Service Key.
Select the key type as External Certificate and then copy the EC Payroll’s certificate to External Certificate.
Here we go.
For testing purposes, you can utilize either your integration flow or the SAP standard-delivered integration packages. In my case, I employ my custom integration flow.
I create an RFC connection to SAP Integration Suite.
Make sure you choose the SSL certificate that you exported in the first step under the Logon & Security tab.
After you make a connection test, you should receive the successful HTTP response (status 200).
There’s nothing lasts forever as well as the certificate. The certificate will usually expire after a year.
Setting up the notification for expiring certificates is therefore advised.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
3 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |