
How to establish principal propagation between BTP subaccount and BTP ABAP environment?

MioYasutake

Hi community,

I am trying to set up the following scenario.

  1. A user logs in to BTP via Identity Authentication.
  2. The user accesses UI5 app deployed to HTML5 App repository.
  3. In the backend (BTP ABAP environment), the user gets authenticated as the same user who logged in to BTP (principal propagation).

To achieve this, I assume that the following settings are required.

  • Communication scenario pointing to the backend service
  • Communication system with OpenID Connect Provider
  • Communication arrangement connecting the communication scenario and communication system
  • Destination for principal propagation in the BTP subaccount

I am stuck at the destination creation - which authentication type should be chosen with what kind of settings? Also, appreciate the information on how to set up this end-to-end connection, as I haven't been able to find documentation on this topic.

Accepted Solutions (1)

Hi Mio,

are the HTML5 app and the BTP ABAP system located in the same subaccount?

Then you should be able to just bind the ABAP service instance to the application and create a route for it.

If the binding is not possible, you can simply create an OAuth2JWTBearer destination with the credentials from a service key of the BTP ABAP service instance (OAuth credentials located in the "uaa" part of the service, append /oauth/token to the uaa.url for the token endpoint).

You don't need any Communication Scenario in this case, as no technical user is involved and the trust to the subaccount in which the BTP ABAP Environment system is located is implicit.

Best Regards,

Thomas
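The mapping described in the answer above, as an added example that is not part of the original post: it turns a service key into OAuth2JWTBearer destination properties and refuses non-https endpoints, since the client secret and the user's token are sent to them. The destination name `abap-backend`, the `Type`/`ProxyType` values, the top-level `url` field holding the ABAP system URL, and all sample values are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample service key; all values are placeholders, not real credentials.
SAMPLE_SERVICE_KEY = json.loads("""
{
  "url": "https://abap-system.example.com",
  "uaa": {
    "clientid": "sb-placeholder-client",
    "clientsecret": "placeholder-secret",
    "url": "https://subaccount.authentication.example.com/"
  }
}
""")


def _require_https(value, field):
    """Reject anything that is not an absolute https URL; strip a trailing slash."""
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{field} must be an absolute https URL, got {value!r}")
    return value.rstrip("/")


def destination_from_service_key(key, name="abap-backend"):
    """Map a service key to OAuth2JWTBearer destination properties."""
    uaa = key.get("uaa") or {}
    missing = [f for f in ("clientid", "clientsecret", "url") if not uaa.get(f)]
    if missing or not key.get("url"):
        raise ValueError(f"service key is missing fields: {missing or ['url']}")
    return {
        "Name": name,  # hypothetical destination name
        "Type": "HTTP",
        "URL": _require_https(key["url"], "url"),
        "ProxyType": "Internet",
        "Authentication": "OAuth2JWTBearer",
        "clientId": uaa["clientid"],
        "clientSecret": uaa["clientsecret"],
        # Token endpoint: uaa.url with /oauth/token appended, as the answer describes.
        "tokenServiceURL": _require_https(uaa["url"], "uaa.url") + "/oauth/token",
    }


if __name__ == "__main__":
    props = destination_from_service_key(SAMPLE_SERVICE_KEY)
    props["clientSecret"] = "***"  # keep the secret out of terminal output and logs
    print(json.dumps(props, indent=2))
```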

MioYasutake

Hi thwiegan,

Thank you very much for your quick response. The HTML5 app and the BTP ABAP system are located in the same subaccount.

I used a destination that was generated by BAS. With this setting, the logged-in user's identity was propagated to the backend system.
