cancel
Showing results for 
Search instead for 
Did you mean: 

#SCPI : 401Unauthorized Certificate based authneticaton

mk_eventmesh
Explorer
0 Kudos
318

Hi Experts,

3rd Party application is trying to establish the connection with SAP CPI using certificate-based authentication, but they are getting 401 unauthorized. But its working for credential-based authentication.

I have followed below blogs:

https://blogs.sap.com/2019/08/14/cloud-integration-on-cf-how-to-setup-secure-http-inbound-connection...

i followed each step but still getting error.

So i tried to mimic the same using postman but still getting the same error.( Tried both in NEO and CF )

1. Generated SAP Passport.

2. Imported in SAP CPI, exported the certificate chain(Import -> keypair).

3. Exported the root certificate.

4. imported in SAP CPI channel.

5.

But still getting error :

Any expert advice please? I don't want to use role-based authorization.

Accepted Solutions (0)

Answers (2)

Answers (2)

CarlosRoggan
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hello,

I had tried it out and published these 2 blog posts, maybe you find any helpful content there:

https://blogs.sap.com/2023/05/26/cloud-integration-call-iflow-from-node-app-with-own-client-certific...

and similar:

https://blogs.sap.com/2023/06/06/cloud-integration-call-iflow-from-node-app-2-service-binding-oauth-...

Honestly, your step no 4 is not really the full truth. The real validation is in the XSUAA and this relies on the service instance configuration and binding/service key configuration.
This is what I'm missing in your description.
Please follow the blogs and let me know if the description about certificate chain creation and configuration of service instance is helpful for you.

Kind Regards,
Carlos

ahmad_shaik
Explorer
0 Kudos

Hi Mani,

Use client id and client secrate to connect cpi from 3rd party.

mk_eventmesh
Explorer
0 Kudos

Hi,

If i want to use certificate based authentication, may i know why i need to use client id and secret?