SAP Knowledge Base Article - Preview

3017609 - Reject untrusted forwarded certificate in Principal Propagation

Symptom

Principal propagation is configured between Business Technology Platform, Cloud Connector and an on-premise backend system such as ABAP or S/4HANA. The Cloud Connector either connects directly to the ABAP or S/4HANA system, or there is an additional intermediary such as a proxy, SAP Web Dispatcher or a load balancer between the Cloud Connector and the backend system.

Principal propagation single sign-on (SSO) fails with the following errors in the dev_icm trace of the on-premise ABAP or S/4HANA backend system:
HttpCertIsReverseProxyTrustworthy: no trust relationship to intermediary specified (see documentation for parameter "icm/HTTPS/trust_client_with_issuer" or "icm/trusted_reverse_proxy")
HttpIsReverseProxyTrustworthy: intermediary is NOT trusted
HttpModGetDefRules: intermediary is NOT trusted -> remove SSL header fields
Reject untrusted forwarded certificate

Additionally, you might see one of the following:
(received via HTTPS with untrusted certificate) or (received via HTTP) or (received via HTTPS without certificate)


Environment

  • SAP NetWeaver release independent;
  • SAP Business Technology Platform Connectivity;
  • SAP Cloud Connector (SCC) release independent.

Product

SAP BTP, Neo environment 1.0 ; SAP Connectivity service 2.0 ; SAP NetWeaver all versions ; SAP Web Dispatcher all versions ; cloud connector 1.0 for SAP HANA Cloud Platform

Keywords

intermediary is NOT trusted, SCC, SAP Cloud Connector, backend, principal propagation, ABAP, S4HANA, Reject untrusted forwarded certificate (received via HTTPS with untrusted certificate), BTP, Business Technology Platform, reverse proxy did not forward a certificate, HttpIsReverseProxyTrustworthy: intermediary is NOT trusted, HttpIsReverseProxyTrustworthy, does not match trusted subject, Principal propagation, PP, principal, $name, $email, $mail, $display_name, $login_name,  trust_client_with, CERTULE, SSL Server Standard, CA, Certificate Authority, subject pattern, PP, trusted_reverse_proxy, trust_client_with_issuer, trust_client_with_subject,  PKIX, certificate path, certificate, sample, subject pattern, assertion, SAML, SAML2, BTP, Subject DN, Issuer, SAN, Subject, subject alternative name, popup, username, Assertion ticket, does not match trusted issuer , KBA , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , BC-SEC-LGN , Authentication , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).
