Setup Principal Propagation for SAP BTP

Updated on January 24, 2025

What is Principal Propagation?

Principal Propagation lets you pass the user who is logged in to SAP BTP on to an App that you have created with Simplifier.

The following steps are needed to use Principal Propagation in your App:

  • If you want to use a Corporate Identity Provider (e.g. Microsoft EntraID) you have to establish trust between IAS and the Corporate Identity Provider
  • IAS (SAP Cloud Identity Services) needs to trust BTP and vice versa
  • You need to set up IAS as an oAuth Authentication Provider in Simplifier
  • Your App needs to use the LoginAction for oAuth2.0 with the new parameter UsePrincipalPropagation set to true
  • You need to prepare your App for deploying to BTP and Principal Propagation

Do I need the SAP Cloud Connector?

Depending on how Simplifier is deployed, you will need SAP Cloud Connector in order to use the Apps that you have created with Simplifier on SAP BTP.

  • If Simplifier is not publicly reachable, you will need to use SAP Cloud Connector
  • If Simplifier can be accessed from anywhere on the Internet, you will not need to use SAP Cloud Connector

See the diagram below for two examples.

This documentation handles both cases – with and without the use of SAP Cloud Connector.

If you are already using SAP BTP with IAS and a Corporate Identity Provider, you might have already established trust between SAP Cloud Identity Services and your Corporate Identity Provider (e.g. Microsoft EntraID) – please read through this chapter anyway, to be sure that everything is set up properly.

Setup Corporate Identity Provider

This documentation establishes trust between a Microsoft EntraID and SAP Cloud Identity Services. For other Corporate Identity Providers than EntraID, please consult their documentation.

In EntraID you have to add SAP Cloud Identity Services as an Enterprise Application. In SAP Cloud Identity Services you have to add EntraID as a Corporate Identity Provider. Please follow these instructions to set this up: https://learn.microsoft.com/en-us/entra/identity/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial

So that the email, name and groups of the user are transferred correctly from EntraID to BTP, we need to adapt the Claims & Attributes with these steps:

  • In EntraID go to your newly created Enterprise Application (e.g. named SAP Cloud Identity Services for BTP)
  • Choose “Manage”
  • Choose “Single sign-on”
  • Choose “SAML”
  • Choose “Attributes & Claims”
  • In the end, the Attributes and Claims need to look as shown in the screenshot below
  • It is important that the claim names are correct (groups, email, given_name, family_name) and have no namespace (this applies to any Corporate Identity Provider – not only to EntraID)

If you are already using SAP BTP, you might have already established trust between SAP Cloud Identity Service and SAP BTP – please read through this chapter anyway, to be sure that everything is set up properly.

Setup IAS and BTP

Follow this tutorial to establish trust between SAP Cloud Identity Services and your SAP BTP Subaccount:
https://developers.sap.com/tutorials/abap-custom-ui-trust-cf..html

Now in SAP Cloud Identity Services you have a new application, e.g. called “SAP BTP subaccount”. For this Application, go to “Conditional Authentication” and in the section “Default Authenticating Identity Provider” choose the previously established Corporate Identity Provider (in our case EntraID) as Default Identity Provider.

Setup SAP Cloud Identity Service as oAuth in Simplifier

Please follow this documentation: https://community.simplifier.io/doc/installation-instructions/setup-external-identity-provider/configure-btp-identity-services-via-openid-connect/

Probably you already have a SAP Cloud Identity Services subscription, so you can skip the first step.

The next steps are:

  • Stay in the Simplifier Settings for Authentication and in “Mechanism settings” of “sapbtp” enable the switch for Principal Propagation
  • Next, we need to look up the domain name, that is used for principal propagation.
    • In SAP Cloud Identity Services go to
      • Applications & Resources
      • Select the application, that has been created for the SAP BTP subaccount (something with “XSUAA_…”)
      • Select its “OpenID Connect Configuration”
      • As “Redirect URI” there should be something like “https://<YOUR_INSTANCE>.authentication.eu10.hana.ondemand.com/login/callback/sap.custom” and “https://<YOUR_INSTANCE>.authentication.eu10.hana.ondemand.com” is the URL we are looking for.
  • Now switch back to the Simplifier Settings for Authentication and in “Mechanism settings” of “sapbtp”
  • As “Propagation JKU” fill in: “https://<YOUR_INSTANCE>.authentication.eu10.hana.ondemand.com/token_keys”
  • As “Propagation Profile URL” fill in: “https://<YOUR_INSTANCE>.authentication.eu10.hana.ondemand.com/userinfo”
  • “Propagation Profile Path” and “Propagation Profile Verb” should stay with the defaults “/” and “GET”

Mapping User Details and Groups

  • Go to the subtab “User Details”
  • Fill in:
    • First Name: “given_name”
    • Last Name: “family_name”
    • E-Mail Address: “email”
  • Go to the subtab “User Groups”
    • Depending on whether the user logs into the Simplifier Admin UI via oAuth (case 1) or via a Simplifier App from BTP via Principal Propagation (case 2) the groups need to be mapped from different paths from the extracted user profile. So for each group, that we want to use in a mapping, we need to create two entries – here is one example:
    • We want to map the group with the ID “123-ABC” to the “Sales” group defined in Simplifier
    • Fill in the two rules for “Sales” like in the screenshot
      • for (case 1) we have the rule, that the path “groups” in the extracted profile should “contain” the group ID “123-ABC”
      • for (case 2) we have the rule, that the path “idTokenPayload/xs.system.attributes/xs.saml.groups” in the extracted profile should “contain” the group ID “123-ABC”
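
Why each group needs both rules, as an added example that is not Simplifier's own code: it models the rule evaluation against two constructed profiles and lists groups that lack a rule for one of the two login paths. The rule dictionaries, the helper names and the reading of “contain” as list membership are assumptions; only the two paths and the group ID come from this page.

```python
# Paths from the page; the separator is "/" because key names such as
# "xs.system.attributes" contain dots themselves.
CASE_1_PATH = "groups"
CASE_2_PATH = "idTokenPayload/xs.system.attributes/xs.saml.groups"


def resolve(profile, path):
    """Walk a "/"-separated path through the extracted profile."""
    node = profile
    for key in path.split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def mapped_groups(profile, rules):
    """Simplifier groups whose rule matches the profile.
    Assumption: "contain" means the value at the path lists the group ID."""
    matched = set()
    for rule in rules:
        value = resolve(profile, rule["path"])
        values = value if isinstance(value, list) else [value]
        if rule["value"] in values:
            matched.add(rule["group"])
    return matched


def groups_missing_a_case(rules):
    """Simplifier groups that lack a rule for one of the two login paths."""
    seen = {}
    for rule in rules:
        seen.setdefault(rule["group"], set()).add(rule["path"])
    return sorted(group for group, paths in seen.items()
                  if not {CASE_1_PATH, CASE_2_PATH} <= paths)


# Constructed profiles: only the location of the groups follows the page.
ADMIN_UI_PROFILE = {"email": "jane.doe@example.com", "groups": ["123-ABC"]}
PROPAGATION_PROFILE = {
    "email": "jane.doe@example.com",
    "idTokenPayload": {"xs.system.attributes": {"xs.saml.groups": ["123-ABC"]}},
}
RULE_CASE_1 = {"group": "Sales", "path": CASE_1_PATH, "value": "123-ABC"}
RULE_CASE_2 = {"group": "Sales", "path": CASE_2_PATH, "value": "123-ABC"}

if __name__ == "__main__":
    # With only the case 1 rule, a user arriving via propagation gets no group.
    print(mapped_groups(PROPAGATION_PROFILE, [RULE_CASE_1]))
    print(mapped_groups(PROPAGATION_PROFILE, [RULE_CASE_1, RULE_CASE_2]))
    print(groups_missing_a_case([RULE_CASE_1]))
```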

Create App

An App that makes use of Principal Propagation needs to use the Login Action with the prepared oAuth Authentication Provider. Here is an example of how to do that:

  • You are editing your App in the Simplifier Admin UI
  • In the Process Designer create a story and name it “Login”
  • From the left icon bar pull in the shape to subscribe an event
  • choose e.g. “Screen Events” -> “onBeforeFirstShow” of the first screen, that appears in your app
  • From the left icon bar pull in the shape to “Server Action”
  • connect both shapes
  • Select again the “Login Action” shape and choose “oAuth 2.0” in the right details view
  • Double click the “Login Action” shape and pull in all parameters from the right
    • set the “Service” to the name of the created oAuth Authentication Provider for which we have enabled Principal Propagation – in our case it’s “sapbtp”
    • set “UsePrinciplePropagation” to true
    • click “Apply”
  • You should also connect the output points of the shape “Success”, “Already logged in” and “Error” like for any other “Login Action”

Setup SAP Cloud Connector

You will only need to set up SAP Cloud Connector if your Simplifier is not accessible from the Internet.

After SAP Cloud Connector is installed and you can log into the Cloud Connector, you can connect SAPCC (SAP Cloud Connector) to SAP BTP.

Log into the SAP BTP Cockpit and go into your subaccount. Choose “Connectivity” and click “Cloud Connectors”. Here you can “Download Authentication Data”.

After that, log on to SAPCC. Click “+ Add Subaccount” and choose “Configure using authentication data from file”. Follow the steps until the subaccount is connected to the SAPCC.

Add System Mapping:

Now select the connected subaccount in SAPCC and click “Cloud to On-Premise”. On the tab “ACCESS CONTROL” add a new system mapping.

  1. Step
    1. Back-end Type: choose “Non-SAP System”
  2. Step
    1. Protocol: HTTP
  3. Step
    1. Internal Host: choose the name of the host, under which the SAPCC can reach the Simplifier Backend
    2. Internal Port: choose the port, under which the SAPCC can reach the Simplifier Backend
  4. Step
    1. Virtual Host: choose a name for the Simplifier Backend, that will later be used by the SAP BTP Destination (e.g. “p-on-prem-simplifier”)
    2. Virtual Port: choose the port for the Simplifier Backend, that will later be used by the SAP BTP Destination (can be same as the internal port)
  5. Step
    1. Remove the check for “Allow Principal Propagation” (because we will use a different type of Principal Propagation)
  6. Step
    1. Choose to “Use Virtual Host” as the Host in the Request Header
  7. Step
    1. Give a description, if you want to
  8. Step
    1. Finish the system mapping

Add resource:

Next we have to add a resource for the mapped system. After clicking the “+”, please add this data:

  • URL Path should be “/”
  • “Active” should be checked
  • “Websocket” should be checked
  • “Access Policy” should be “Path and all Sub-Paths”

The complete result can now look like this:

Prepare App for BTP and Principal Propagation

Follow the steps described in the general documentation on how to deploy a Simplifier App to BTP. After Step 7, see the additional information below:

Deploy to SAP BTP

Follow these additional steps:

In case you don’t use SAP Cloud Connector

    • in xs-app.json
{  
  "authenticationType": "none",
  "csrfProtection": false,
  "source": "^/authentication/oauth/<PROVIDER>/propagation(.*)$",
  "destination": "SharedInstancePropagateToken" 
}
    • Attention: The order of the entries in xs-app.json is important! The added entry needs to come before the catch-all entry with "source": "^(.*)$". Otherwise you will get a 404 error “file not found” when trying to log in via Principal Propagation.
  • Fill the variable:
    • <PROVIDER>: the name of the Authentication Provider, that you have configured in Simplifier – e.g. “sapbtp”

In case you work with SAP Cloud Connector

  • After “Step 7” we have to modify an existing destination:
    • in destination.json
      Change the SharedInstance destination to the following:
{
    "Name": "SharedInstance",
    "Description": "",
    "Authentication": "NoAuthentication",
    "ProxyType": "OnPremise",
    "Type": "HTTP",
    "URL": "http://<VIRTUAL_HOST>:<VIRTUAL_PORT>",
    "HTML5.DynamicDestination": true,
    "tokenServiceURLType": "Dedicated",
    "CloudConnectorLocationId": "<CLOUD_CONNECTOR_LOCATION_ID>"
}
  • and we have to change the SharedInstancePropagateToken destination:
    • in destination.json
{
    "Name": "SharedInstancePropagateToken",
    "Description": "",
    "Authentication": "OAuth2JWTBearer",
    "ProxyType": "OnPremise",
    "Type": "HTTP",
    "URL": "http://<VIRTUAL_HOST>:<VIRTUAL_PORT>",
    "tokenServiceURL": "http://<VIRTUAL_HOST>:<VIRTUAL_PORT>/authentication/oauth/<PROVIDER>/token",
    "tokenServiceURLType": "Dedicated",
    "clientSecret": "<OWN_CLIENT_SECRET>",
    "clientId": "<OWN_CLIENT_ID>",
    "HTML5.DynamicDestination": true,
    "CloudConnectorLocationId": "<CLOUD_CONNECTOR_LOCATION_ID>"
}
    • in xs-app.json
{  
  "authenticationType": "none",
  "csrfProtection": false,
  "source": "^/authentication/oauth/<PROVIDER>/propagation(.*)$",
  "destination": "SharedInstancePropagateToken" 
}
    • Attention: The order of the entries in xs-app.json is important! The added entry needs to come before the catch-all entry with "source": "^(.*)$". Otherwise you will get a 404 error “file not found” when trying to log in via Principal Propagation.
    • Attention: It is important to set every URL with http and not with https, even if the URL is configured differently in the SAP Cloud Connector
  • Fill the variables:
    • <VIRTUAL_HOST> and <VIRTUAL_PORT> are the values, that you have defined in SAP Cloud Connector
    • <PROVIDER>: the name of the Authentication Provider, that you have configured in Simplifier – e.g. “sapbtp”
    • <CLOUD_CONNECTOR_LOCATION_ID>: if you have defined a LocationId for your SAPCC
    • <OWN_CLIENT_ID> and <OWN_CLIENT_SECRET> can be looked up from the Authentication Provider in Simplifier – see screenshot below
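
A pre-deployment check for the two “Attention” rules above (route order in both cases, http-only URLs with SAPCC), as an added example that is not part of the Simplifier documentation or tooling. It goes slightly beyond the literal catch-all case by flagging any earlier route whose pattern matches the propagation path. Assumptions: the route entries sit in the “routes” array of xs-app.json, the destinations are passed as a list of objects, and the sample values (port 8080, client ID and secret) are constructed.

```python
import re

# Placeholders such as <PROVIDER> or <VIRTUAL_HOST> that were never filled in.
PLACEHOLDER = re.compile(r"<[A-Za-z_-]+>")


def check_routes(xs_app, provider):
    """Findings for a parsed xs-app.json. Routes are tried in order and the
    first one whose "source" matches handles the request."""
    wanted = "^/authentication/oauth/%s/propagation(.*)$" % provider
    probe = "/authentication/oauth/%s/propagation" % provider
    routes = xs_app.get("routes", [])
    if not any(r.get("source") == wanted for r in routes):
        return ["xs-app.json: no propagation route for provider " + provider]
    for index, route in enumerate(routes):
        source = route.get("source")
        if not isinstance(source, str) or not re.match(source, probe):
            continue
        if source != wanted:
            return ["xs-app.json: route %d (%s) shadows the propagation route"
                    % (index, source)]
        findings = []
        if route.get("destination") != "SharedInstancePropagateToken":
            findings.append("xs-app.json: propagation route has the wrong destination")
        if route.get("authenticationType") != "none":
            findings.append("xs-app.json: propagation route needs authenticationType none")
        return findings
    return []


def check_destinations(destinations, provider):
    """Findings for the destination entries used with SAP Cloud Connector."""
    findings = []
    by_name = {d.get("Name"): d for d in destinations}
    for name in ("SharedInstance", "SharedInstancePropagateToken"):
        if name not in by_name:
            findings.append("destination.json: %s is missing" % name)
    for name, dest in by_name.items():
        for key, value in dest.items():
            if isinstance(value, str) and PLACEHOLDER.search(value):
                findings.append("destination.json: %s.%s has an unfilled placeholder"
                                % (name, key))
        if dest.get("ProxyType") != "OnPremise":
            continue
        for key in ("URL", "tokenServiceURL"):
            if key in dest and not str(dest[key]).startswith("http://"):
                findings.append("destination.json: %s.%s must start with http://"
                                % (name, key))
    token = by_name.get("SharedInstancePropagateToken")
    if token is not None:
        if token.get("Authentication") != "OAuth2JWTBearer":
            findings.append("destination.json: token destination needs OAuth2JWTBearer")
        suffix = "/authentication/oauth/%s/token" % provider
        if not str(token.get("tokenServiceURL", "")).endswith(suffix):
            findings.append("destination.json: tokenServiceURL must end with " + suffix)
    return findings


# Constructed sample input (not taken from a real deployment).
PROPAGATION = {"authenticationType": "none", "csrfProtection": False,
               "source": "^/authentication/oauth/sapbtp/propagation(.*)$",
               "destination": "SharedInstancePropagateToken"}
CATCH_ALL = {"source": "^(.*)$", "destination": "SharedInstance"}
GOOD_XS_APP = {"routes": [PROPAGATION, CATCH_ALL]}
BAD_XS_APP = {"routes": [CATCH_ALL, PROPAGATION]}
BASE = "http://p-on-prem-simplifier:8080"
GOOD_DESTINATIONS = [
    {"Name": "SharedInstance", "Authentication": "NoAuthentication",
     "ProxyType": "OnPremise", "Type": "HTTP", "URL": BASE},
    {"Name": "SharedInstancePropagateToken", "Authentication": "OAuth2JWTBearer",
     "ProxyType": "OnPremise", "Type": "HTTP", "URL": BASE,
     "tokenServiceURL": BASE + "/authentication/oauth/sapbtp/token",
     "clientId": "constructed-client-id", "clientSecret": "constructed-secret"},
]
BAD_DESTINATIONS = [
    dict(GOOD_DESTINATIONS[0], URL="https://p-on-prem-simplifier:8080"),
    dict(GOOD_DESTINATIONS[1],
         tokenServiceURL=BASE + "/authentication/oauth/<PROVIDER>/token"),
]

if __name__ == "__main__":
    for finding in (check_routes(BAD_XS_APP, "sapbtp")
                    + check_destinations(BAD_DESTINATIONS, "sapbtp")):
        print(finding)
```

Without SAP Cloud Connector only check_routes applies; load your own files with json.load and pass the parsed objects in.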

Hints common for both cases (with and without SAPCC)

  • Hint for “Step 8” – if “cf login” isn’t working for you, you can also try “cf login --sso”
  • The API endpoint, that is required in “Step 8“, can be looked up in the “Overview” -> “General” -> “Cloud Foundry Environment” of your subaccount in here: https://emea.cockpit.btp.cloud.sap/cockpit/