cancel
Showing results for 
Search instead for 
Did you mean: 

SAP API Management: Use Client Certificate for Target Endpoint Authentication

JCardoza
Explorer
0 Kudos
928

Hi,

I have a scenario where a HTTPS Endpoint is exposed using API Management:

  • Target Endpoint is a SAP CPI iFlow HTTPS Endpoint
  • CPI is configured for Client Certificate Authentication using Certificate-to-user mapping
  • API Proxy of type URL is created and deployed for the CPI HTTPS endpoint

Test Execution using Postman:

  • SAP Passport used as the client certificate
  • Private Key and Certificate added to Postman Settings
  • Calling the CPI HTTPS endpoint directly works fine
  • Calling the API Proxy by substituting the CPI endpoint URL with API Proxy URL fails with 401 Unauthorized
  • Using Basic Authentication instead of Client Certificate works fine with the API Proxy

Is there some configuration on the API Management that I am missing to get this working?

Regards,

JC

Accepted Solutions (0)

Answers (2)

Answers (2)

JCardoza
Explorer
0 Kudos

Hi Gregor,

Is it possible to forward the Client Certificate received in the API Consumer Request call made to the API Proxy?

Which Policy can be used to achieve this?

Regards,

JC

gregorw
Active Contributor
0 Kudos

Do you forward the client certificate in your API Proxy policy?