on 02-22-2022 1:48 PM
Dear Community,
I have the following scenario:
> nodeJs UI5 app with approuter included, running on Cloud Foundry
> oData Service running on BTP ABAP Environment
I want to consume on the UI5 app the oData service, running on ABAP Environment, within a destination and forward principal propagation information within JWT via destination to ABAP Environment.
I know how to do this from app-to-app on Cloud Foundry (check out carlos.roggan's post).
Is there any way to do this? Can I use the JWT information, scopes, etc. on the ABAP Environment? How to realize principal propagation if I can't do that?
With basic auth, described here, I am able to set up this chain. But how does it look like with oAuth v2 and JWT?
Is that even supported or a gap within the BTP portfolio ?
Thanks for any suggestions and ideas,
Regards,
Cedric
The answer was committed as comment replies on my question.
Short answer:
No, it is not possible to use the jwt of the user session within the ABAP environment.
You can create a SAML inbound connection, to at least have SSO in place.
However, you will need to replicate your business users to the ABAP environment and orchestrate them (and their roles) within the ABAP environment too.
This brakes the BTP authority chain so far and relies in additional workload. I recommend to SAP to think again about this solution and also I recommend to customers to overthink using ABAP environment for use-cases, where you wanna use the environment to provide REST APIs where it is necessary to have principal propagation and authorities in place. This small issue can be a gamechanger of your digital transformation (within ABAP environment).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
9 | |
9 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.