Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Pass Login details to Backend via SAP Cloud Integration/CPI/Integration Suite

priyanka_ajn1992_90
Explorer

on ‎2022 Jun 22 11:38 AM

0 Likes
1,682

Hello Experts,

I'm working on an IS-U implementation project and we currently have a requirement to integrate few applications to the S4 HANA system via SAP CI/CPI.

From the apps, Login details (Username & Password) are as well passed in a JSON format to SAP CI and then to S4 HANA for authentication. I do not find this approach right as the login details are passed to the public cloud without any security.

I thought of asking the source to encrypt the login data before sending to CPI. But would like to get an idea as to what is the recommended approach in passing the login details securely to the backend? Can we use APIM instead of CPI here? And is it any better approach?

Could you please advise as I have been researching a lot on this topic. Any suggestions would be appreciated.

Thanks,

Priyanka

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Martin-Pankraz
SAP Champion
SAP Champion
‎2022 Jun 22 12:30 PM

Hi priyanka_ajn1992_90,

I would suggest not to use Basic Authentication (Username + Password) at all. Recommended approach would be to use an Identity Provider like Azure AD or SAP Identity Authentication Service for a secure login on your frontend app.

That login context can be passed on to an API Management (Azure or SAP for instance) solution or an iFlow directly. On the S4 side have a look at Principal Propagation to map the IdP identity to the named SAP backend user. The used authentication flow here would be OAuth2SAMLBearer. Cloud Connector supports that natively.

See this post to get you started on the topic.

Your service call sequence would look like this for an IS-U onprem scenario for example:

app -> APIM -> CPI -> Cloud Connector -> IS-U

Your app is registered with your IdP, APIM validates tokens and passes on context.

Let the community know what you did in the end 🙂

KR

Martin

Accepted Solutions (0)

Answers (1)

Answers (1)

priyanka_ajn1992_90
Explorer
‎2022 Sep 26 11:42 AM
0 Likes

Hi @Martin Pankraz,

Thanks for your response. Unfortunately I'm still struggling with this. Could you let me know how can the user context be passed on to an iflow directly?

Could you kindly help me with the same?

Thanks,

Priyanka

Show replies
Show replies
Ask a Question