search

SAP-docs / btp-integration-suite

Markdown source for the Integration Suite documentation. Enables feedback and contributions to improve the documentation.
Creative Commons Attribution 4.0 International
9 stars 13 forks source link

x.509 certificate principal propagation #50

Open ottfro1 opened 3 months ago

ottfro1 commented 3 months ago

Issue description

Dear SAP,

In our current setup - mutual ssl API manager -> webdispatcher -> ICM SAP PO

The API manger terminates the ssl and forwards the x509 certificate to the webdispatcher as http header the webdispatchert forwards the certificate as http header to the icm Because of the trust setup the authentication works.

Our new scenario

API manager -> SAP CI The API manger terminates the ssl and forwards the x509 certificate to SAP CI as http header In sap CI - how to setup the trust so the certificate in the http header can be accepted? The setup needs to be documented.

Feedback Type (Optional)

content gaps

Page Title on SAP Help Portal (prefilled)

Client Certificate Authentication for Integration Flow Processing

Page URL on SAP Help Portal (prefilled)

https://help.sap.com/docs/cloud-integration/sap-cloud-integration/client-certificate-authentication-for-integration-flow-processing

MelanieCueppers commented 3 months ago

Hi @ottfro1, Thank you for your feedback! We’ll look into it and come back to you if we have any questions.

pe-gu commented 2 months ago

Dear @ottfro1, Sorry for getting back to your issue with this delay. Please let me first ask to understand your use case better. Do you think of a setup that is described in the following blog- with API Management “talking” to SAP Cloud Integration: SAP API Management: Discover Integration Flows fro... - SAP Community I am not sure if the blog already answers parts of your questions. Just let me know if this is the setup you have in mind and then I will evaluate further. Thank you and best regards, Peter

ottfro1 commented 2 months ago

Dear Peter,

The blog is not helpful at all because it is a different scenario. The blog does not describe principal propagation using mTLS.

Från: Peter Gutsche @.> Skickat: den 16 april 2024 13:10 Till: SAP-docs/btp-integration-suite @.> Kopia: Frost, Otto @.>; Mention @.> Ämne: Re: [SAP-docs/btp-integration-suite] x.509 certificate principal propagation (Issue #50)

Dear @ottfro1https://github.com/ottfro1, Sorry for getting back to your issue with this delay. Please let me first ask to understand your use case better. Do you think of a setup that is described in the following blog- with API Management "talking" to SAP Cloud Integration: SAP API Management: Discover Integration Flows fro... - SAP Communityhttps://community.sap.com/t5/technology-blogs-by-sap/sap-api-management-discover-integration-flows-from-cpi-tenants-and-auto/ba-p/13441919 I am not sure if the blog already answers parts of your questions. Just let me know if this is the setup you have in mind and then I will evaluate further. Thank you and best regards, Peter

- Reply to this email directly, view it on GitHubhttps://github.com/SAP-docs/btp-integration-suite/issues/50#issuecomment-2058833363, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASYVSHZMCUJFRT72FMIEA63Y5UBI3AVCNFSM6AAAAABEUFA3ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJYHAZTGMZWGM. You are receiving this because you were mentioned.Message ID: @.**@.>>

pe-gu commented 2 months ago

Dear @ottfro1 we do not cover yet this use case end-to-end in the documentation on Help Portal, but there is a blog series that might help when you use SAP Cloud Integration in the Cloud Foundry environment: Principal Propagation in SAP Integration Suite. Is among the described use cases one that fits to your system setup? Best regards Peter