Configuring Principal Propagation for SSO
Prerequisite: SAP Principal Propagation must already be configured between your Cloud Connector and your SAP back end.
Configure Cloud Connector for Principal Propagation
For Principal Propagation to work with enosix Link, the Cloud Connector System Mapping (Virtual to Internal System) entry must be configured over HTTPS with Principal Type X.509 Certificate.
Note: The internal port must be a secure port on the NetWeaver Application Server.
Configure Destination for Principal Propagation
To configure a Link route for Principal Propagation, a destination-based route must be used.
The only additional change needed will be to configure the Authentication to use
Configure Authorization and Trust Management Service in SAP Cloud Foundry
The space that Link is deployed to needs an Authorization and Trust Management service (XSUAA) provisioned with the instance name xsuaa, although it can be configured to use a specific instance.
Configuring the Authorization and Trust Management instance
Configure the routing
Configure Link to match destination
Use the Cloud Foundry CLI with the following
applications: # Top-level key of a Cloud Foundry manifest
- name: enosix-link-<company-name> # Add your company name
  random-route: true # Remove this line in the production space
  env: # Link reads its settings from environment variables
    #Logging__LogLevel__Default: Trace # Enables detailed trace logging for submitting issues
    Routes__dev__ConcurrentRequests: 10 # Throttles Link to a limited number of concurrent requests, to reduce memory pressure
    Routes__dev__Token: 3de65974f59e200ef27e8ecfb84437f7 # Replace with a unique secret token
    Routes__dev__Destination: sap-ensx-framework # Must match the name of the destination configured in the BTP subaccount using PrincipalPropagation
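
A pre-deployment check for the manifest settings above, written as an added example that is not part of the enosix documentation or product. The function names, the constructed sample manifest (including the "qa" route and its token) and the assumption that Link accepts any 32-character hex token are illustrative; the `applications:`/`env:` layout is that of a standard Cloud Foundry manifest.

```python
import re
import secrets
# Token value printed in the documentation; anyone who has read the page knows it.
DOC_SAMPLE_TOKEN = "3de65974f59e200ef27e8ecfb84437f7"
ROUTE_KEY = re.compile(r"^Routes__(\w+?)__(\w+)$")
# Constructed sample manifest (the "qa" route and its token are made up).
SAMPLE_MANIFEST = """\
applications:
- name: enosix-link-example
  random-route: true
  env:
    #Logging__LogLevel__Default: Trace
    Routes__dev__Token: 3de65974f59e200ef27e8ecfb84437f7
    Routes__dev__Destination: sap-ensx-framework
    Routes__qa__Token: 5f0c1d9a7b3e4c62a8d1e0f49b7c2a63
"""

def parse_entries(text):
    """Collect active `key: value` pairs; commented-out lines are ignored."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip().lstrip("- ").strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            entries[key.strip()] = value.strip()
    return entries

def lint_link_manifest(text, production=False):
    """Return (route, finding) tuples for settings the page says to change."""
    entries, routes, findings, seen = parse_entries(text), {}, [], {}
    for key, value in entries.items():
        m = ROUTE_KEY.match(key)
        if m:
            routes.setdefault(m.group(1), {})[m.group(2)] = value
    for name, cfg in sorted(routes.items()):
        token = cfg.get("Token")
        if token == DOC_SAMPLE_TOKEN:
            findings.append((name, "token is the documentation sample"))
        elif token and token in seen:
            findings.append((name, "token reused from route " + seen[token]))
        seen.setdefault(token, name)
        if not cfg.get("Destination"):
            findings.append((name, "no destination set for principal propagation"))
    if production and entries.get("random-route", "").lower() == "true":
        findings.append(("app", "random-route enabled in production"))
    return findings

def new_route_token():
    """32 hex characters from the OS CSPRNG, same shape as the page's sample."""
    return secrets.token_hex(16)
```

Run `lint_link_manifest` over the manifest text with `production=True` before pushing to the production space; an empty list means none of the checked settings were left at their documentation values.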