3249519 - 401 Unauthorized error returned from backend abap system when using basic authentication via Cloud Connector

When connecting from SAP BTP to an on-premise ABAP system via the SAP Cloud Connector, even though Basic Authentication is configured in the cloud application and the user credentials are correctly maintained, the backend ABAP system may still respond with a “401 Unauthorized” error.

To verify this behavior, the corresponding response can be found in the Cloud Connector traffic trace file,  for example: traffic_trace_<account id>_on_<landscapehost>.trc or tunnel_traffic_<account id>_on_<landscapehost>.trc, provided that the “Payload Trace” option is enabled in the Cloud Connector, as described in SAP KBA 2452568 – How to collect traces in the SAP Cloud Connector.
 
>>> yyyy-mm-dd hh:mm:ss,xxx +xxxx  >>> Response data for connection 0xxxxxxxxx in thread tunnel-client-xx-x
000000 | XXXXXXXXXXXX  |HTTP/1.1 401 Unauthorized..set-c|
000020 | XXXXXXXXXXXX  |ookie: sap-ssolist=XXXXXXXXXXX|

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental. 

SAP Cloud Connector

cloud connector, 401, unauthorized, traffic trace, system mapping, basic authentication, principal type, X.509 Certificate, strict usage, sap-ssolist, system certificate for logon, <Connectivity/Unauthorized>: Could not fetch the content from the design-time destination. Please verify that the configured credentials are correct , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , Bug Filed