[go: up one dir, main page]
Scribd
Upload
239 views9 pages

Client Certificate Authentication For Flow Processing in

This document provides a guide on setting up Client Certificate Authentication for inbound integration in SAP Cloud Platform Integration (CPI) using Postman. It outlines the steps to create a service key with a certificate, configure Postman with the necessary certificates, and test the integration flow. The process ensures secure communication between external systems and SAP CPI by allowing only authorized clients with the appropriate certificates to access the integration flow.

Uploaded by

jaydata2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
239 views9 pages

Client Certificate Authentication For Flow Processing in

This document provides a guide on setting up Client Certificate Authentication for inbound integration in SAP Cloud Platform Integration (CPI) using Postman. It outlines the steps to create a service key with a certificate, configure Postman with the necessary certificates, and test the integration flow. The process ensures secure communication between external systems and SAP CPI by allowing only authorized clients with the appropriate certificates to access the integration flow.

Uploaded by

jaydata2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Client Certificate Authentication for Integration Flow Processing in

SAP CPI from POSTMAN


Client Certificate Authentication for Integration ... - SAP Community

Client Certificate Authentication for Integration Flow Processing in SAP CPI

In this blog, we will discuss Client Certificate Authentication for inbound integration in
SAP Cloud Platform Integration (CPI).

Authentication Options

When it comes to authentication, we have two main options:

1. Client Certificate
2. User Role

For Client Certificate Authentication in the HTTP sender adapter of CPI, we will be using
the User Role option.

In this scenario, we will share our client certificate with the requester (in this case,
Postman) to authenticate the requests to our SAP CPI instance.

Step 1: Log on to CPI BTP Tenant

 Create a new instance of Service Process Integration Runtime and select the
plan Integration Flow.

Step 2: Create and Configure the Service Key

 In this step, we need to create a Service Key. This includes:


o Service Key Name: Define a name for your service key.
o Key Type: Choose one of the following:
 Client ID/Secret: The service key contains a client ID and client
secret (client credentials).
 Certificate: SAP generates a client certificate and public/private
key pair with the service key.
 External Certificate: If a third party shares the certificates, choose
this option.

In our case, we will select the Certificate option.


Select the instance> Right hand side select the service key > Click on Create
Add Service Key Name
Key Type- Certificate
Click on create
Click on View> select form

Arrange the certificate like below format after copying certificate value into
notepad and save as xxx.PEM.
1. Also, copy the private key value to a text editor arrange it like below, and save it
as certificate. Key.

Example format:

Step 4: Copy Host URL

 After downloading both certificates, copy the host URL from the form and save it
for later use.

Example URL:
https://9368e858trial.it-cpitrial06-rt.cfapps.us10-001.hana.ondemand.com
Now move on the Post man tool

Step 5: Configure Postman

1. In Postman, provide the CPI URL that was created during the I-flow deployment.
2. Create an I-flow using the HTTPS adapter and configure it as required. After
deploying the flow in CPI, you will get the URL under the integration content to
use in Postman.
3. Set the authorization type as No AUTH in Postman.

Step 6: Add Certificates in Postman

1. Go to the Settings option in Postman (top right corner of the screen).


2. Click on Certificates.
3. Add the .pem and .key files here.
4. Add the host name (URL) you saved earlier when creating the service key.
and give the CPI URL which was created in CPI.

Step7: In CPI create a I-flow using Https adapter and maintain as like below.
After deploying the flow we will get the URL and use the same in POSTMAN tool. And
authorization type as No AUTH

Step 8: Test the Integration

1. Close the settings screen.


2. Trigger a test message from Postman.
3. You should now be able to see the message in CPI.

Trigger test message from POSTMAN.


We can see message in CPI.

Summary

When setting up secure communication between external systems (like Postman) and
SAP Cloud Platform Integration, one commonly used method is Client Certificate
Authentication. This method ensures that only authorized clients with the appropriate
certificates can access your CPI integration flow. In this process, we create and
configure a service key with a certificate, then share this certificate with the external
requester.

We walked through the steps required to:

1. Log in to the SAP CPI BTP tenant.


2. Create and configure a service key with the certificate option.
3. Download and properly format the .pem and .key files.
4. Configure Postman to use these certificates for authentication.
5. Deploy the integration flow and test the connection using Postman.

Conclusion

Client Certificate Authentication is a robust and secure method for ensuring that only
trusted clients can access your SAP CPI integration flows. By following the steps
outlined in this blog, you can successfully set up certificate-based authentication, which
offers a higher level of security compared to basic authentication methods like
username and password.

This approach is particularly useful when integrating with external systems or APIs
where maintaining a secure communication channel is critical. By leveraging SAP’s
capability to generate certificates, you can simplify the authentication process while
maintaining security standards.

You might also like