on 02-11-2021 11:18 AM
Hi Experts,
We have a requirement to build an SCP side-by-side extension to information from ECP.
ECP information is exposed as an OData service, and we are trying to call the same service from an SCP UI5 application.
Currently we are stuck at ECP service authentication; the request is getting stuck at EC
- ECP system single sign-on with SF EC
- OData service authentication from SF EC SAML
- From SCP, the request is getting blocked at SF SAML and is not forwarded to the ECP system.
How do we handle authentication from ECP in this scenario? The OData metadata call returns a SAML response instead of the metadata. In the destination we maintained basis authentication with SF EC user details.
Please share your views/inputs on this issue.
<html><head><meta http-equiv="cache-control" content="no-cache" /><meta http-equiv="pragma" content="no-cache" /></head>
<body onload="javascript:var url=window.location.hash;if(url&&(0!==url.length)){document.cookie="oucqqrwteywoyfqsoredbozbybouccexzcswxdz_anchor="+escape(url)+"; path=/"}document.forms[0].submit()">
<noscript><p><strong>Note:</strong> Since your browser does notsupport JavaScript, you must press the Continuebutton once to</p></noscript>
<form method="POST" action="https:// <<< URL>>>">
<input type="hidden" name="SAMLRequest" value="...">
<input type="hidden" name="RelayState" value="oucqqrwteywoyfqsoredbozbybouccexzcswxdz">
<noscript><input type="submit" value="Continue"></noscript>
</form></body></html>
Regards,
Satya.
Hi satyasunilkapagnati,
To access ECP APIs via SAML your BTP has to use the same IdP as your ECP tenant. Once both are authenticating in the same place, you are able to perform SSO using the following destination template:
Name=ECPSamlAssertion
Type=HTTP
URL=https://myXXXXXX-api.s4hana.ondemand.com
Authentication=SAMLAssertion
ProxyType=Internet
audience=https://myXXXXXX.s4hana.ondemand.com
authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:X509
If you are using different IdPs, then you can use the following approach:
Make sure you have performed all the required tasks in terms of extensibility in the Extension Center:
The above tasks will give you an OAuth2 client that you can use on your destination with authorization type set as either OAuth2JWTBearer or OAuth2UserTokenExchange.
Name=ECPOAuth2
Type=HTTP
ProxyType=Internet
Authentication=OAuth2UserTokenExchange
clientId=<<<Client ID from ECP>>>
ServiceKeyName=<<<Client ID from ECP>>>
tokenServiceURL=https\://myXXXXXX-api.s4hana.ondemand.com/sap/bc/sec/oauth2/token
URL=https\://myXXXXXX-api.s4hana.ondemand.com
Best regards,
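A check for the symptom described in the question, where the $metadata call comes back as an auto-submitting SAML form instead of EDMX. This is an added example, not code from the thread; the function names, the sample bodies and the idp.example.com host are constructed assumptions.

```javascript
// Added example (not from the thread): tell a SAML login form apart from
// OData metadata in the body returned by a $metadata call.

// Read the double-quoted attributes of one HTML tag (names lower-cased).
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) out[m[1].toLowerCase()] = m[2];
  return out;
}

function classifyMetadataResponse(contentType, body) {
  if (/xml/i.test(contentType || '') && /<edmx:Edmx[\s>]/.test(body)) {
    return { kind: 'odata-metadata' };
  }
  // SAML HTTP-POST binding: a form carrying a hidden SAMLRequest field.
  const form = /<form\b[^>]*>/i.exec(body);
  const hidden = {};
  for (const tag of body.match(/<input\b[^>]*>/gi) || []) {
    const a = attrs(tag);
    if ((a.type || '').toLowerCase() === 'hidden' && a.name) hidden[a.name] = a.value || '';
  }
  if (form && 'SAMLRequest' in hidden) {
    let idpHost = null; // stays null when the action is redacted or relative
    try { idpHost = new URL(attrs(form[0]).action).host; } catch (e) { /* keep null */ }
    return { kind: 'saml-login-form', idpHost, hasRelayState: 'RelayState' in hidden };
  }
  return { kind: 'unknown' };
}

// Constructed sample bodies; idp.example.com is a placeholder host.
const SAMPLE_SAML_FORM =
  '<html><body onload="document.forms[0].submit()">' +
  '<form method="POST" action="https://idp.example.com/saml2/idp/sso">' +
  '<input type="hidden" name="SAMLRequest" value="CONSTRUCTED">' +
  '<input type="hidden" name="RelayState" value="constructed-relay-state">' +
  '</form></body></html>';
const SAMPLE_EDMX =
  '<?xml version="1.0" encoding="utf-8"?><edmx:Edmx Version="1.0" ' +
  'xmlns:edmx="http://schemas.microsoft.com/ado/2007/06/edmx"></edmx:Edmx>';

console.log(classifyMetadataResponse('text/html', SAMPLE_SAML_FORM));
console.log(classifyMetadataResponse('application/xml', SAMPLE_EDMX));
```

A `saml-login-form` result means the call ended at the IdP login page rather than at the API, which is the response shown in the question.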