
Principal Propagation with SAP Cloud Platform

Using SAP principal propagation to seamlessly integrate the SAP Cloud Platform to on-premises SAP systems and an Identity Provider such as SAP IDM


  1. Principal Propagation with SAP Cloud Platform
  2. Drivers

     Automation Core
       • Technology improvements mean computing tasks that previously required interaction with people can be fully automated.
       • Automation brings repeatability, reduced error rates, easy scalability of service provision.

     Platform Agnostic
       • Future interoperability and open standards will mean businesses can swap easily between cloud providers.
       • It is key that solutions are designed to operate in such a platform agnostic manner outside the bounds of normal technical architecture design (i.e. no fixed O/S choices or fixed DB platforms).

     Established Technological Principles
       • Solutions today should be built using already established technological principles.
       • Using bleeding edge rarely produces the perceived benefits in places such as core business systems, without significant buy-in from business leaders.
       • Pre-empting standards not already widely adopted could produce a "Beta-Max" scenario.

     Future Assurance
       • Technology solutions should deliver for a minimum timeframe within the context of the lifecycle of the related business system.
       • Example: Re-writing scripts during any platform migration should not just use the coolest scripting language; they should use a commonly known language that is widely used and understood.
  3. About Principal Propagation
       • Permits federated authentication (single-sign-on) into customer SAP systems via an IdP such as SAP IDM.
       • Authentication to on-premise SAP IDM is possible.
       • Subsequent SAP system can authenticate against the IDM generated SAP logon ticket (MYSAPSSO2 cookie) or SAML2 token.
       • SAP Cloud Platform (SCP) users (S-users) can use SAP Cloud Platform services such as Web IDE, authenticating into the customer SAP systems against their respective SAP system account in the IdP (usually their corporate identity).
  4. About SAP Cloud Platform
       • SAP Cloud Platform a.k.a. SCP (previously called SAP HANA Cloud).
       • A PaaS set of tools, utilities and cloud capabilities for use with SAP and non-SAP products, all provided in the cloud.
       • Accessed over the internet.
       • Is the future of SAP software integration and will provide the basis for many SAP SaaS applications also.
       • Can be accessed from "on-premise" (or your cloud provider) using the SAP Cloud Connector (SCC), which acts as a reverse proxy.
  5. Architecture Overview (diagram; labels recovered from the slide)

     Cloud
       • SCP (SAP Cloud Platform): developer with S-user account.
       • Destinations: BE1:1234

     "On-Premise" (could be cloud hosted IaaS)
       • SAP Cloud Connector: Sub-Account: ABC123; BE1:1234 = https://be1.corp; Trust Store: CA Cert, System Cert, BE1 SSL Cert Chain
       • IdP (SAP IDM), UME: developer corporate identity and account.
       • Optional Web Dispatcher: Trust Store: SCC CA Cert
       • BE1 – SAP (https://be1.corp): Target ICF Service; ICM Trust Store: SCC CA Cert
       • ICM (+Web Dispatcher) parameters:
           login/certificate_mapping_rulebased="1"
           icm/trusted_reverse_proxy_0=<SCC System CA>
           icm/HTTPS/verify_client=1
       • Customise: STRUST, CERTRULE, RZ10

     Connection labels: SSL; HTTP header; SCC Cert Chain; x.509 Client Cert; SAML Token; Wdisp SSL Chain
  6. Areas for Configuration

     SCP:
       • Create S-user account(s).
       • Create destination to back-end SAP system via SCC with Principal Propagation enabled and pointing to your IdP.

     IdP:
       • SAML: Configure SAML token creation for SCP users after authentication.

     SCC:
       • Sub-Account: Register SCP sub-accounts for incoming connections from SCP.
       • On-Premise: Configure trust store with back-end SAP system SSL server cert and optional Web Disp SSL cert.
       • On-Premise: Configure Principal Propagation user x.509 client cert creation upon SAML token receipt.

     BE1:
       • ICM: Transaction STRUST to trust the SCC client x.509 cert.
       • AUTH: Transaction CERTRULE to map SCC dynamic x.509 client cert CN to SAP system user accounts.
       • ICM: Transaction RZ10 to configure ICM params to enable trusting of client x.509 certs forwarded in HTTP header.

     Optional Web Dispatcher:
       • ICM: Adding SCC client x.509 cert to the SAPSSLS PSE.
       • ICM: DEFAULT.PFL to configure ICM params to enable trusting of client x.509 certs forwarded in HTTP header.
  7. Summary
       • Principal Propagation should enable smooth efficient access to back-end SAP systems via the SAP Cloud Connector from the SAP Cloud Platform.
       • A secure setup is always recommended, paying attention to SAP recommendations for the SCC networking and HA.
       • The future direction of SAP integration will need to use the SCC more and more. Example: SAP Analytics Cloud.
       • The Principal Propagation trust setup is complex and involves multiple certificates, leaving you open to the probability of certificate expiration causing an outage.
  8. References

     SAP Notes:
       • SAP note 2462533 - Configuring Principal Propagation to an ABAP System.
       • SAP note 2052899 - ICM - Multiple Trusted Reverse Proxies
       • SAP note 2461375 - How to connect SAP Cloud Platform Identity Authentication Service to on-premise user store

     SAP Guides:
       • SCC secure setup recommendations: https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/e7ea82a4bb571014a4ceb61cb7e3d31f.html
       • Configure Principal Propagation for an ABAP system: https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/a8bb87a72d094e0d981d2b1f67df7bc3.html
  9. Thank You
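
The ICM parameters named on the architecture and configuration slides decide whether the back end accepts a client certificate forwarded in an HTTP header, so they are worth auditing after every profile change. The following Python is an added example, not part of the original deck or of SAP's tooling: it parses a profile excerpt and reports findings for those three parameters. The sample profile, its DNs and the function names are constructed, and the SUBJECT/ISSUER value syntax for icm/trusted_reverse_proxy_<n> is assumed from SAP's ICM documentation, since the slide shows only a placeholder.

```python
import re

# Constructed sample profile (not from the slides); all DNs are placeholders.
SAMPLE_PROFILE = '''\
# DEFAULT.PFL excerpt (constructed)
login/certificate_mapping_rulebased = 1
icm/HTTPS/verify_client = 1
icm/trusted_reverse_proxy_0 = SUBJECT="CN=SCC System, O=Example", ISSUER="CN=SCC CA, O=Example"
icm/trusted_reverse_proxy_1 = SUBJECT="*", ISSUER="*"
'''

def parse_profile(text):
    """Parse 'name = value' lines; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)  # split on the first '=' only
        params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return findings for the principal propagation parameters."""
    findings = []
    if params.get("login/certificate_mapping_rulebased") != "1":
        findings.append("rule-based certificate mapping (CERTRULE) is not enabled")
    # 0 = never ask for a client certificate; 1 = request; 2 = require.
    if params.get("icm/HTTPS/verify_client") not in ("1", "2"):
        findings.append("ICM does not request client certificates")
    proxies = {k: v for k, v in params.items()
               if re.fullmatch(r"icm/trusted_reverse_proxy_\d+", k)}
    if not proxies:
        findings.append("no icm/trusted_reverse_proxy_<n> entry is defined")
    for name, value in sorted(proxies.items()):
        fields = dict(re.findall(r'(SUBJECT|ISSUER)\s*=\s*"([^"]*)"', value))
        for field in ("SUBJECT", "ISSUER"):
            if field not in fields:
                findings.append(f"{name}: {field} missing")
            elif fields[field].strip() == "*":
                # A bare wildcard would trust any intermediary's certificate.
                findings.append(f"{name}: {field} is a bare wildcard")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_profile(SAMPLE_PROFILE)):
        print("FINDING:", finding)
```

Run against the back-end instance profile and, where one is used, the Web Dispatcher profile, since the deck configures both.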
