cancel
Showing results for 
Search instead for 
Did you mean: 

Connection to on premise SAP ABAP User store as identity provider in cloud platform trial version

gill367
Active Contributor
0 Kudos

Hi Experts,

I would like to know if there is a way to use on premise SAP ABAP system user store for hana cloud platform trial version identity provider.

I tried playing around with identity provisioning system but it seems to be not relevant to this use case.

Regards,

Sarbjeet Singh

Accepted Solutions (1)

Accepted Solutions (1)

lucasvaccaro
Product and Topic Expert
Product and Topic Expert

Hi Sarbjeet,

You can authenticate users from the on-premise ABAP system using an instance/tenant of the Identity Authentication Service. This service does not have a trial environment. The connection flow is from IAS > SAP CP > Cloud Connector > NW Java > NW ABAP. See the documentation:

https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/461d71c148594608b9c8b6d016e...

Best Regards,
Lucas

gregorw
Active Contributor
0 Kudos

Dear Lucas,

is there any option to use that scenario without the NW Java?

Best regards
Gregor

lucasvaccaro
Product and Topic Expert
Product and Topic Expert

Hi Gregor,

No, because ABAP systems can't act as Identity Provider in a SAML scenario, and it does not have an SCIM API implementation. Meanwhile, Java systems contain both implementations with the IDMFEREDATION component. Then it uses the usual UME destination to authenticate against the ABAP system.

Best Regards,
Lucas

former_member261060
Discoverer
0 Kudos

Hi Lucas

So does that mean we always need to go via Cloud Connector to connect to NW Java stack.

Can't we configure via SAML end points in NW Java.

What about connection as below.

IAS > SAP CP > SAML > NW Java > NW ABAP.

Isn't this a good option?

https://blogs.sap.com/2016/12/19/part-3-identity-providers-for-hcp-in-practice/

Thanks

Puneet

lucasvaccaro
Product and Topic Expert
Product and Topic Expert

Hi Puneet,

If your NW Java is accessible from the internet, you can define it as Application Identity Provider on SAP CP directly, no need to use IAS.

Best Regards,
Lucas

gill367
Active Contributor
0 Kudos

Hi Lucas,

Thanks for your reply and explanation.

So if it is not exposed via the internet, do we have to use IAS.

Is there any way we can use cloud connector alone (without IAS) to configure NW JAVA as identity provider.

Regards,

Sarbjeet Singh


lucasvaccaro
Product and Topic Expert
Product and Topic Expert

If you have a Java application running on SAP CP, you can make it use the on-premise user store without IAS:

https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/933034aeb00d489eaf21d50bbb1...

But that works only for Java apps.

Regards,
Lucas

Answers (0)