Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Principal propagation from SAP Digital Manufacturing Production Process towards S/4HANA public cloud

SumitKundu
Active Participant

on ‎2025 Dec 17 9:45 AM

0 Likes
421

Hi experts,

I am working on a requirement that needs a custom production process in SAP Digital Manufacturing calling an SAP S/4HANA Cloud, Public Cloud OData api. I have followed the steps as mentioned in this blog post external-api-web-service-integration-with-sap-digital-manufacturing .

Here is my BTP destination in the subaccount where DM is subscribed.

tokenServiceURLType=Dedicated
audience=https\://myXXXXXX-api.s4hana.cloud.sap
authnContextClassRef=urn\:oasis\:names\:tc\:SAML\:2.0\:ac\:classes\:X509
includeSigningCertificateInSAMLAssertion=false
tokenServiceUser=ZS4H_DMC_COMM
tokenServiceURL=https\://myXXXXXX-api.s4hana.cloud.sap/sap/bc/sec/oauth2/token
skipUserUuidInSAMLAttributes=false
URL=https\://myXXXXXX-api.s4hana.cloud.sap/sap/opu/odata4/sap/zapi_productionorder_labels/srvd_a2x/sap/zser_mfg_label/0001
Name=S4-Dev-Label-api-pp
tokenServicePassword=<removed>
Type=HTTP
clientKey=ZS4H_DMC_COMM
Authentication=OAuth2SAMLBearerAssertion
nameIdFormat=urn\:oasis\:names\:tc\:SAML\:1.1\:nameid-format\:emailAddress
skipUserAttributesPrefixInSAMLAttributes=false
ProxyType=Internet
userIdSource=
SAMLAssertionProvider=DestinationServiceGenerated

I have created the communication arrangement in S/4HANA Cloud:

 

SumitKundu_0-1765964316945.pngSumitKundu_1-1765964380520.png

But when I test the production process which uses the service thus created is not working, i.e., failing with HTTP 401

SumitKundu_2-1765964461918.png

The production process worked successfully when I had used basic authentication at the BTP destination.

So, does SAP DM support such principal propagation with destination using OAuth2SAMLBearerAssertion? Or where am I going wrong?

Best regards,

Sumit

 

 
 

 

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
summer_jin
Associate
Associate
‎2025 Dec 18 1:06 PM
0 Likes
From the perspective of DM production process, it already supports OAuth2SAMLBearerAssertion. However, I previously encountered an issue where the communication scenario from the S/4HANA side did not support OAuth 2.0 for OData APIs. Can you confirm whether the OData APIs you are currently using support OAuth 2.0?
SumitKundu
Active Participant
‎2025 Dec 18 2:11 PM
0 Likes

Hi @summer_jin ,

Yes, the communication scenario is a custom one I built in S/4HANA cloud and it has OAuth 2.0 supported.

SumitKundu_0-1766067192026.png

Best regards,

Sumit

SumitKundu
Active Participant
‎2025 Dec 19 7:22 AM
0 Likes
@ManoelCosta can you please throw some light on this?
summer_jin
Associate
Associate
4 weeks ago
0 Likes

Hi Sumit,
I checked with S4/HANA team, hope it can help you. It seems there are some gaps between UI display and API implementation.

summer_jin_0-1766541428763.png

 

Accepted Solutions (0)

Answers (1)

Answers (1)

ManoelCosta
Product and Topic Expert
Product and Topic Expert
‎2025 Dec 19 1:45 PM
0 Likes

Hi,

OAuth2SAMLBearerAssertion should be supported, as mentioned at Adding Destinations.

Br, Manoel

Show replies
Show replies
ManoelCosta
Product and Topic Expert
Product and Topic Expert
a month ago
0 Likes
Hi! If my answer was helpful, please consider accepting it as solution.
SumitKundu
Active Participant
2 weeks ago
0 Likes
Thanks for the confirmation. But my question is actually about how to make it work. Following the steps according to https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/configuration-tasks is not working. I am particularly not sure how to apply the last task 'Consume the Destination and Execute the Scenario' in case of a custom production process.
SumitKundu
Active Participant
2 weeks ago
0 Likes
Hi @summer_jin, my OData api is a custom OData service and I have enabled OAuth 2.0 in my custom communication scenario.
Ask a Question