cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is principal propogation possible for .net->SOAP->PI->XI(ABAP Proxy)->ECC ?

Former Member

on ‎11-26-2011 6:38 AM

0 Kudos

Hello Experts,

I have a sync scenario as :

.Net client -> SOAP -> P I-> XI(ABAP Proxy) -> ECC where functionalities from ECC are exposed as Webservices via PI and consumed by .net client.

For this solution we expect to have a SSO enabled along with Principal propogation(PP) end to end.

1.How can we achieve PP for this scenario?

For SSO from .net client to PI we have configured SPNego which uses Kerberos Authentication. This part is working fine when we use static USER on RFC destination of type H for XI adapter to call proxy. But when I am trying to configure PP on this part(PI to ECC) it fails with error UnAuthorised 401?

2.Has anyone tried this kind of scenario and got it working? Or if anyone knows how this can be implemented successfully?

3.OR Is there any way using which I can use RFC destination of Type T for calling a proxy, as type T RFC destinations have direct option to Use SAP logon tickets which I am getting from SPNego?

I could find many blogs/threads on SDN regarding Principal propogation, but most of them are quite old (around 2005 - 2007) or they refer to threads which contradict to each other. I believe that SAP has improvised over time and it should be possible to achieve this in one way or other?

Any inputs in answer to above questions/concerns will be very helpful.

Kind Regards,

Abhijeet.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎07-07-2015 5:51 PM
0 Kudos

Hi,

Were you able to flow your user thru the entire process, not just PIAFUSER?

Thanks!

Show replies
Show replies
Former Member
‎11-26-2011 9:49 AM
0 Kudos

Hi,

I don't know for your detailed flow, but according to page 4 of this[ document (2007)|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/808d3048-638c-2a10-35a6-faa48e50ad59], yes PP is suported by Soap and XI adapter.

I had also this [PI71- Principal Propagation Using Logon Tickets -2009.03|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/50d07121-07a5-2c10-5280-a081de9b851c].

Advice: check your PI version and the oss notes, because there are somes...

regards

Mickael

Show replies
Show replies
Former Member
‎11-27-2011 2:57 PM
0 Kudos

Hi Mickael,

I have already gone through these docs. All documents are refering to SAP sender system & RFC adapters where one can use "T type" rfc destinations.

I have configured steps needed for PP, but PI system logs in with PIAFUSER onto the backend SAP system(ECC) using ABAP proxy instead of actual user.

I have made one change to my scenario, I am using type G destination now which has option to use SAP logon tickets.With this logon to backend SAP system is working with SAP logon tickets but it uses "PIAFUSER" as user to logon.

Any hints - what could be the reason for this?

kind Regards,

Abhijeet.

Ask a Question