Open gregorwolf opened 1 year ago
Provide a possibility to decide on a by request level if either
SAP-Connectivity-Technical-Authentication
orSAP-Connectivity-Authentication
should be sent.
How would you differentiate when to use one over the other? What information would need to be present at runtime? Where is the technical user token coming from at runtime?
One way would be that the destination service offers something as a sub-option when PrincipalPropagation
is chosen. However, as long this is not there I also do not see a good way. I would not like to use some destination property for that. I will reach out to the destination service colleagues.
This feature is being released in a step-wise approach. First in cloud connector, then in Destination service, etc. Kindly be patient, and stay tuned watching the What's New for SAP Business Technology Platform - Connectivity
Thank you @manolvalchev is the rollout also in some roadmap?
Once we have the feature available on our internal cloud foundry and destination service instance we will start the implementation from the SDK side.
Thank you @manolvalchev is the rollout also in some roadmap?
@gregorwolf, not yet - perhaps in future
The blog post Technical User Propagation – SAP BTP To S4 On Premise provides now an example on how:
What is the status regarding the destination configuration?
@gregorwolf , as for modelling/managing a destination configuration of that auth type, it's already rolled out: check the official docu.
Then I will remove the blocked label
and increase priority in our backlog for this ticket so that we will support this also from the SDK side.
Hi @FrankEssenberger , @jjtang1985 ,
As reported by @gregorwolf, I would like to add my votes for this issue.Need support for Technical User Propagation. Eliminating basic authentication and hard-coded credentials is crucial for enhancing security, especially when interacting with SAP Backend Onpremise systems. This feature complements overall security practices, and its implementation is vital for our project. Your prioritization would greatly expedite progress.
Thanks, Showkath.
Is your feature request related to a problem? Please describe.
The release 2.15.0 of SAP Cloud connector adds a new Authentication Type - Technical User Propagation. It can be used by setting the HTTP Header
SAP-Connectivity-Technical-Authentication
instead of theSAP-Connectivity-Authentication
header which is already supported in the SAP Cloud SDK.Describe the solution you'd like
Provide a possibility to decide on a by request level if either
SAP-Connectivity-Technical-Authentication
orSAP-Connectivity-Authentication
should be sent.Impact / Priority
Affected development phase: Production
Impact: Inconvenience
Additional context
Getting support for the Technical User Propagation would allow us to get rid of destinations using basic authentication which we currently need to use when our CAP endpoint is called by the Job Scheduling service.