on 2018 May 25 3:33 PM
Hello Community.
I enable the principal propagation through the following steps:
1. Configuration of the Cloud Connector
a. Update the principal type of the Access Control
b. Set up a trust with the identity provider
c. Export the system certificate so that you can import it in the backend system later on
d. Configure the CA certificate for the short-living certificate
e. Adapt the subject pattern for principal propagation
f. Generate a sample certificate in order to import it in the backend.
2. Configuration of the on-premise backend system
a. Import the system certificate of the Cloud Connector to establish trust
b. Configure the Internet Communication Manager (ICM) to ensure the communication to the outside world.
c. Set the view VUSREXTID.
3. Update of the destination in SAP Cloud Platform
a. Change the authentication type of the destination to “Principal Propagation”
My question is about point 3 of the configuration in the Cloud Connector: is it obligatory to replace the default UI certificate for principal propagation?
I use the UI certificate by default and I have a problem in validating the certificate in ECC.
Hi Yerlan
Take a look at this blog post: https://blogs.sap.com/2017/06/22/how-to-guide-principal-propagation-in-an-https-scenario/
You can use a self-signed certificate for the system certificate and re-use the same one as UI certificate if you want to.
For the principal propagation, the certificate used will be the CA certificate, and you need to make sure to enable the trust between the SCC and the backend system (as described in the blog post).
As your system does not have the CERTRULE transaction, you need to perform the manual mapping, so you can add the entries to the VUSREXTID using the EXTID_DN transaction.
Let me know your advances.
Augusto
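A check for the trust setup described in the answer above, as an added example that is not part of the original posts: it verifies that a principal propagation sample certificate chains to the CA certificate and prints the subject DN that the manual VUSREXTID mapping has to account for. It assumes both certificates are available as PEM files; the throwaway CA, the CN values and the file names below are constructed sample input.

```shell
#!/bin/sh
# check_pp_cert CA_PEM CERT_PEM
# Prints the subject DN (RFC 2253 form) if CERT_PEM is signed by CA_PEM.
# Returns non-zero and prints nothing if the chain does not verify.
check_pp_cert() {
    ca=$1; cert=$2
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# Constructed sample input: a throwaway CA and a one-day user certificate
# signed by it (hypothetical helper; names are illustrative only).
make_sample() {
    dir=$1; ca_cn=$2; user_cn=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca_cn" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$user_cn" \
        -keyout "$dir/user.key" -out "$dir/user.csr" >/dev/null 2>&1
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/user.pem" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/a" "$tmp/b"
    make_sample "$tmp/a" "Constructed SCC CA" "jdoe"
    make_sample "$tmp/b" "Unrelated CA" "jdoe"
    # Certificate checked against the CA that signed it: subject is printed.
    echo "trusted CA:   $(check_pp_cert "$tmp/a/ca.pem" "$tmp/a/user.pem" || echo REJECTED)"
    # Same certificate checked against a CA the backend was not meant to trust.
    echo "untrusted CA: $(check_pp_cert "$tmp/b/ca.pem" "$tmp/a/user.pem" || echo REJECTED)"
    rm -rf "$tmp"
}

demo
```

A rejected chain points at the trust import on the backend; a verified chain with an unexpected subject points at the subject pattern or the mapping entry.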
Hi Augusto.
We made the adjustments according to the blog that you indicated to me and it worked perfectly.
Thank you very much.