Open gregorwolf opened 1 year ago
newtork
commented
1 year ago Provide a possibility to decide on a by request level if either
SAP-Connectivity-Technical-AuthenticationorSAP-Connectivity-Authenticationshould be sent.
How would you differentiate when to use one over the other? What information would need to be present at runtime? Where is the technical user token coming from at runtime?
FrankEssenberger
commented
1 year ago One way would be that the destination service offers something as a sub-option when PrincipalPropagation is chosen. However, as long this is not there I also do not see a good way. I would not like to use some destination property for that. I will reach out to the destination service colleagues.
manolvalchev
commented
1 year ago This feature is being released in a step-wise approach. First in cloud connector, then in Destination service, etc. Kindly be patient, and stay tuned watching the What's New for SAP Business Technology Platform - Connectivity
gregorwolf
commented
1 year ago Thank you @manolvalchev is the rollout also in some roadmap?
FrankEssenberger
commented
1 year ago Once we have the feature available on our internal cloud foundry and destination service instance we will start the implementation from the SDK side.
manolvalchev
commented
1 year ago Thank you @manolvalchev is the rollout also in some roadmap?
@gregorwolf, not yet - perhaps in future
gregorwolf
commented
1 year ago The blog post Technical User Propagation – SAP BTP To S4 On Premise provides now an example on how:
What is the status regarding the destination configuration?
manolvalchev
commented
1 year ago @gregorwolf , as for modelling/managing a destination configuration of that auth type, it's already rolled out: check the official docu.
FrankEssenberger
commented
1 year ago Then I will remove the blocked label and increase priority in our backlog for this ticket so that we will support this also from the SDK side.
Showkath
commented
10 months ago Hi @FrankEssenberger , @jjtang1985 ,
As reported by @gregorwolf, I would like to add my votes for this issue.Need support for Technical User Propagation. Eliminating basic authentication and hard-coded credentials is crucial for enhancing security, especially when interacting with SAP Backend Onpremise systems. This feature complements overall security practices, and its implementation is vital for our project. Your prioritization would greatly expedite progress.
Thanks, Showkath.
Is your feature request related to a problem? Please describe.
The release 2.15.0 of SAP Cloud connector adds a new Authentication Type - Technical User Propagation. It can be used by setting the HTTP Header
SAP-Connectivity-Technical-Authenticationinstead of theSAP-Connectivity-Authenticationheader which is already supported in the SAP Cloud SDK.Describe the solution you'd like
Provide a possibility to decide on a by request level if either
SAP-Connectivity-Technical-AuthenticationorSAP-Connectivity-Authenticationshould be sent.Impact / Priority
Affected development phase: Production
Impact: Inconvenience
Additional context
Getting support for the Technical User Propagation would allow us to get rid of destinations using basic authentication which we currently need to use when our CAP endpoint is called by the Job Scheduling service.