/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
This Knowledge Base Article (KBA) provides a brief guide to quickly resolving principal propagation authorization issues.
The Cloud Connector logs display the message: "is closed."
2025-12-02 18:23:31,313 +0000#DEBUG#com.sap.core.connectivity.spi.processing.AbstractProtocolProcessor#tunnel-client-32-5#0xc36f8a26#Successfully opened backend connection [id: 0x3c5c3faa, L:/10.100.100.02:64987 - R:myserver.sap.com/10.100.100.1:44300]
025-12-02 18:23:31,327 +0000#DEBUG#io.netty.handler.ssl.SslHandler#tunnel-client-32-5# #[id: 0x3c5c3faa, L:/10.100.100.02:64987 - R:myserver.sap.com/10.100.100.1:44300] 2HANDSHAKEN: protocol:TLSv1.2 cipher suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2025-12-02 18:23:31,397 +0000#DEBUG#com.sap.core.connectivity.spi.processing.OutboundConnectionErrorHandler#tunnel-client-32-5#0xc36f8a26#Backend channel [id: 0x3c5c3faa, L:/10.68.29.143:64987 ! R:myserver.sap.com/10.100.100.1:44300] is closed
2025-12-02 18:23:31,414 +0000#DEBUG#com.sap.core.connectivity.spi.processing.AbstractProtocolProcessor#tunnel-client-32-5#0xc36f8a26#Released backend connection channel [id: 0x3c5c3faa, L:/10.100.100.02:64987! R:myserver.sap.com/10.100.100.1:44300]
The Internet Communication Manager (ICM) logs show:
"Intermediary not trusted"
"Client did not send any certificate"
[Thr 140361650923264] out: cert_len = <no cert>
[Thr 140361650923264] out: csuite_name = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
[Thr 140361650923264] HttpCertIsReverseProxyTrustworthy: client did not sent any cert ->intermediate not trustworthy
[Thr 140361650923264] HttpIsReverseProxyTrustworthy: intermediary is NOT trusted
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Read more...
Environment
- BTP Cloud environment
- SAP Cloud Connector supported versions
- SAP AS ABAP backend system release independent
Keywords
Principal Propagation, PP, Assertion ticket, Principal, Propagation, pattern, email, e-mail, mail, username, name, authentication, assertion, pop-up, pops up, popup, username, password, back-end, backend, ABAP, SU01, SAP CC, SAP Cloud connector, SAPCC, connector, IDP, sub-account, subaccount, emai, username, e-mail, mail, display_name, login_name, SCC, trusted_reverse_proxy, kernel 7.53, trust_client_with, CERTULE, SSL Server Standard, CA, Certificate Authority, subject pattern, PP, trusted_reverse_proxy, trust_client_with_issuer, trust_client_with_subject, $name, $email, $mail, $display_name, $login_name, PKIX, certificate path, certificate, sample, subject pattern, assertion, SAML, SAML2, BTP, Subject DN, Issuer, SAN, Subject Alternative Names, 401, 302, no turst, logon, Reject untrusted forwarded certificate, icm/server_port*, Unauthorized, HttpCertIsReverseProxyTrustworthy, intermediary is NOT trusted, , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)