cancel
Showing results for 
Search instead for 
Did you mean: 

Principal Propagation with external user ID mapping

0 Kudos
1,148

Hi Guys,

I have done all the necessary configuration in Cloud connector, SCP destination and External ID mapping in ECC.

When try to access Gateway odata service using WEBIDE, Prompt is asking for ECC user name and password. But i need to access gateway services with the ECC password according to principal probagation.

Please help me to find what i have missed in the configuration.

Thanks,

Bala

View Entire Topic
oppancs
Contributor

Dear Balasubramanian,


Most of the similar issues are causes by misconfiguration, please see some prerequisites:


-Make sure that the SAP Cloud Platform application is authenticated with SAML, in HTTP destination Principal Propagation is set.
Make sure that in SAP Cloud Connector the Principal Type is set to X.509 Certificate for the corresponding on-premise system.
-The following guide is a good hint to check the configuration: https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/a8bb87a72d094e0d981d2b1f67d...


In case all these steps are done you need to troubleshoot the issue by turning on debug traces:


-Turn all logs to debug in logs and traces of SCC UI
-Turn on ABAP security trace
-Turn on level 3 ICM trace
-Then reproduce the issue


Once you have the logs most of the troubleshooting steps are described in the wiki:


https://wiki.scn.sap.com/wiki/x/qYV2HQ


and in the Guided Answers (you can find the link in the KBA):


KBA: 2701137 - SAP Cloud Connector - Guided Answers -> Open "SAP Cloud Connector - Guided Answers" -> HTTP request from Cloud platform to on-premise system -> Backend system responses with 401 HTTP code


However, you get user popup but in the background logic it is a 401 http response in case Principal Propagation is set.


Best Regards,
Barnabás Paksi

pjcools
Active Contributor
0 Kudos

@Balasubramanian - the answer from oppancs above is pretty clear - overall the main activity is making sure you have loaded a System Certificate into the backend SAP system and of course performed the synchronisation step in Cloud Connector. Sounds like you have performed some of the steps - not sure if you have completed all of them though.

The above links and the guided answers are really good in this area so hopefully these can help you. Here is a link to the SAP Note describing the guided answers.

https://apps.support.sap.com/sap/support/knowledge/preview/en/2701770

Kind Regards

Phil Cooley