SAP Knowledge Base Article - Preview

3297437 - Client Cert Authentication for Inbound calls to CPI tenants on CF

Symptom

  • You wish to configure Client Certificate-based authentication for inbound calls to your Cloud Integration tenant
  • The CPI Tenant is on Cloud Foundry

Note - This guide focuses specifically on configuring this scenario using the 'Role-based' option and with the default SAP Provided ESBMessaging.send role. There is also an option to configure the same using your own custom role, or to configure this with the certificates maintained directly in the sender adapter.
While it is not recommended to implement the latter, you can find information on how to do both in the the following SAP Community blog - Cloud Integration on CF – How to Setup Secure HTTP Inbound Connection with Client Certificates

For details on using your own Custom Role, see the section 'Use User-defined Role'.
The configuration steps required to implement this scenario with the certificates maintained directly in the adapter are described in the section '2. Option: Configure Certificates directly in Integration Flow'.

However, it is recommended to use '1. Option: Role-Based Authorization' where possible, and it is this method which this KBA will focus on.

I would also strongly recommend checking the above blog as it provides greater detail and insight into the mechanisms and architecture involved here and goes into this topic in greater depth. 

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


Read more...

Environment

  • SAP Cloud Integration
  • SAP Integration Suite
  • SAP Business Technology Platform

Product

Cloud Integration all versions ; SAP Integration Suite all versions

Keywords

CPI, SCPI, HCI, SAP Integration Suite, Cloud Integration, client certificate, authentication, 401, Inbound, receiver, sender, HTTP, RFC, SOAP, adapter, cert, service key, service instance, certificate-based, cert-based, The client certificate is not configured in a service key of a Process Integration Runtime service instance , KBA , LOD-HCI-PI-CON-HTP , HTTP Adapter , LOD-HCI-PI-CON-SOAP , SOAP Adapter , LOD-HCI-PI-CON-RFC , RFC Adapter , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.