Client Certificate authentication for API calls

Former Member
0 Likes

In a previous blog post, Divya Mary details the process of Client Cert authentication for API calls between the Provider and the back-end system:

https://blogs.sap.com/2018/01/19/sap-cloud-platform-api-management-client-certificate-authentication...

A question was asked in that post about calling an API Proxy from an external application with client cert authentication.

Is there a blog post detailing this, as I am trying to test using a client cert instead of using OAuth or SAML.

Thank you,

Raj

Accepted Solutions (0)

Answers (4)

divyamary
Product and Topic Expert
0 Likes

Hi Raj,

Enabling client certificate authentication for your API Proxy endpoint requires configurations to be done by the SAP Cloud Platform API Management operations team. Therefore, it would be great to open an incident on the component OPU-API-DT-OPS mentioning your tenant details. Our operations team would share the steps for securely sharing the client certificate and would guide you through the necessary configurations.

Thanks and Best Regards,

Divya

Former Member
0 Likes

Gregor,

It will be a service user calling the API with a certificate for authentication.

I am trying to test with a self-signed X.509 certificate. What I don't know is how to configure the APIProxyEndPoint to authenticate against a Client Cert.

I have used API Keys and OAuth V2.0 in policies and have had success. But wanted to try mutual authentication using X.509.

Thank you,

Raj

Former Member
0 Likes

Ivan, thanks for the reply. I tend to use Postman for testing.

My question was relating to SAP Cloud Platform. If I were to implement X.509 certificate authentication, where would I configure the certificate? Can it be done from within the Cockpit or is it an Admin task?

Regards,

Raj

Ivan-Mirisola
Product and Topic Expert
0 Likes

Hi Raj,

Have you tried to use Postman to perform such tests? It is an application that you can install on most common OSes.

It will allow you to control the HTTP method (PUT, POST, GET, etc.) with several authentication options. Using the client certificates is very straightforward. All you need to do is add the certificate to Postman for your API end-point and it will be used every time you issue a request.

You could also make a Java application to call the API with client certificate authentication. I find it easier to build it with Spring Boot. Check the Mutual Authentication [session 4] of this blog

Best regards,
Ivan