HCPMS and HCP Database backend
Dear HCPMS/SMP dev and experts,
I'd like to pick your brain on a persistent problem I am facing.
Background to the problem:
I have a productive HANA instance on HANA Cloud Platform. I have created a database for it and exposed it as an xsodata service, i.e. https://abcdefg.hana.ondemand.com/myxsapp/MyODataService.xsodata/
The service can be accessed using the user's SAP ID (p-xxxxxx/s-xxxxxx) via SAP's Identity Provider.
It is important that the user must log in with an SAP ID because I have Database Views which are using SESSION_USER to identify which records to retrieve.
Now I have also created a hybrid mobile app with Kapsel Logon.
I have also set up an application on the HCPMS, whose backend is "https://abcdefg.hana.ondemand.com/myxsapp/MyODataService.xsodata/"
What I want to achieve:
It's actually quite simple: I want the user to log on via Kapsel Logon (can be Basic auth or Form auth) using SAP IDP. Then I would like that logged-in user to be propagated to the backend, which is using the same SAP IDP too.
What problem I am having:
I can't seem to get the user propagation to work. Please do note that I am no security expert, so I am currently still trying to understand many of the concepts.
Currently there are a few choices of Authentication Type for the backend configuration in HCPMS:

| Authentication Type | My understanding |
|---|---|
| Basic Authentication | This seems to require me to log on as a specific user by providing a username and password. |
| Principal Propagation | This is only for on-premise systems that use HANA Cloud Connector? My HANA instance is on HANA Cloud Platform. |
| | This sounds like the way to go, but I have absolutely no idea where to find the Issuer SID, Issuer Client, Recipient SID, Recipient Client, Signing Key, Signing Certificate. Can I use an existing certificate that my HANA instance already has, if it has one? If yes, where do I find that information, and what sort of configuration do I need on my HANA instance to allow this type of authentication? If not, how do I generate this information (I assume I need to generate a certificate?) and how do I upload this cert to HANA? |
| Client Certification | I assume this is a no-go as it will always log in as a specified user instead of the real user's username. |