cancel
Showing results for 
Search instead for 
Did you mean: 

SAP CPI/Cloud Integration : Principal Propagation using password grant type

0 Kudos
956

Hello Experts,

I'm stuck with the below requirement since few days and would highly appreciate your support in sorting this issue.

Requirement:

I'm having a requirement to propagate the user context from the sender to the backend on prem S4 HANA system via Cloud Integration using the cloud connector. The sender system will present the CPI Integration suite Service Key (Client ID and Secret) along with the username and password in the body of the request.

I need to propagate this to the backend using password grant type flow.

Progress So far:

I have referred multiple blogs and have created a XSUAA instance in the cloud foundry and added few scopes and role templates. Using this , I could fetch the access token using postman from the below endpoint.

https://<CI tenant>.authentication.ap21.hana.ondemand.com/oauth/token?grant_type=password

Issues:

When I pass this token to the I flow endpoint below. I get a 401 response with the error as mentioned below.

https://<CIruntime URL>/http/princproptest

Error - Bearer error="invalid_token", error_description="The token is invalid: Jwt token with audience [openid, sb-na-17602b24-dd94-418c-9e34-bc6c889fff33!a6394] is not issued for these clientIds: [sb-i, it-rt-116].", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

Is this because the token does not have the ESBMessaging.Send scope to hit the Iflow?

Any help on how this can be resolved will be of great help.

I have already referred to the below youtube video and the blogs:

https://blogs.sap.com/2022/04/20/principal-propagation-in-sap-integration-suite-from-external-system...

https://www.youtube.com/watch?v=0mMbnV5QUm0

Thanks,

Priyanka

View Entire Topic
0 Kudos

Hello Experts,

Can anyone help me with this query please?

Thanks,

Priyanka