Outbound OAuth connection in S4Hana on-premise possible?


Does SAP S/4HANA on-premise support outbound communication with OAuth 2.0 client_credentials to send an IDoc (or whatever) via HTTP to an OAuth 2.0 protected endpoint?

The question is probably very simple but it seems like SAP is trying to do everything to hide the answer if you do not want to pay a lot of money.

Thanks in advance.

1 answer

3
Suncatcher On

Yes, indeed, it does.

Here is a detailed guide on how to do this, with sample implementation scenarios:

https://wiki.scn.sap.com/wiki/display/Security/OAuth+2.0+-+Integrating+access+protected+web+services+using+the+OAuth+2.0+Client

The core component of communication through OAuth is the OAuth 2.0 Client, which has been available since ABAP 740 and in all subsequent S4HANA releases, tcode OA2C_CONFIG.

For sending IDocs you should create an HTTP destination with OAuth authentication in HANA SM59 and send IDocs to it in XML form (described here).

Creation of OAuth HTTP destination:

  1. Access the SM59 transaction.
  2. In the RFC Connections table, choose HTTP Connection to External Server. Then, choose Create, which is the paper icon.
  3. In the Technical Settings tab, proceed as follows:
     • In the Target Host field, fill out the URL.
     • Enter 443 in the Service No. field.
     • Enter /oauth/token?grant_type=client_credentials in the Path Prefix field.
  4. In the Logon & Security tab, Logon With User section, proceed as follows:
     • Choose Basic Authentication.
     • In the User field, enter your client ID from the Service Key.
     • In the Password field, enter your client secret from the Service Key.
  5. [OPTIONAL] In the Logon & Security tab, Security Options section, proceed as follows:
     • Choose Active in the SSL option.
     • Choose DFAULT SSL Client (Standard) in the SSL Certificate dropdown list.
  6. Click on the Connection Test button to complete this task.

For consuming OAuth-protected APIs in an ABAP program you need to create an OAuth Client profile with some additional steps. The communication model will be the following:

Here is a detailed example of an implementation:

https://wiki.scn.sap.com/wiki/display/Security/Access+Google+APIs+using+the+OAuth+2.0+Client+API.

Due to the abundance of integration scenarios it's difficult to describe them all; every configuration is different.

P.S. Some of the points about S4Hana communication config were already given by me in your question 6 months ago.
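
The token request described by the destination settings in the answer above, as an added example that is not part of the original answer or SAP's own code: it builds the request without sending it and validates a token response before the token is used. The host, client ID, secret and token are constructed placeholders, and the credential encoding and response checks follow RFC 6749 rather than anything stated on the page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Path prefix as entered in the SM59 Technical Settings step of the answer.
TOKEN_PATH = "/oauth/token?grant_type=client_credentials"


def build_token_request(host, client_id, client_secret, port=443):
    """Build (but do not send) the token request the destination settings describe."""
    # Client ID and secret travel in an HTTP Basic header (the "Logon With User" step).
    # RFC 6749 section 2.3.1: form-urlencode both values before Base64 encoding.
    pair = "{}:{}".format(urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    # HTTPS only: Basic credentials are encoded, not encrypted, so TLS (the SSL
    # option in the destination) is what protects the client secret in transit.
    url = "https://{}:{}{}".format(host, port, TOKEN_PATH)
    return urllib.request.Request(
        url, data=b"", method="POST",
        headers={"Authorization": "Basic " + basic, "Accept": "application/json"})


def parse_token_response(body, now=None):
    """Validate a token response (RFC 6749 section 5.1) and return the API header."""
    doc = json.loads(body)
    if "error" in doc:
        raise ValueError("token endpoint error: " + str(doc["error"]))
    token = doc.get("access_token")
    if not token or str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("response does not carry a bearer access token")
    now = time.time() if now is None else now
    # expires_at lets the caller refresh the token before the IDoc endpoint rejects it.
    return {"Authorization": "Bearer " + token,
            "expires_at": now + int(doc.get("expires_in", 0))}


if __name__ == "__main__":
    # Constructed sample values: host, client ID, secret and token are placeholders.
    req = build_token_request("auth.example.com", "sb-client!t1", "s3cr3t+/=")
    print(req.get_method(), req.full_url)
    sample = '{"access_token": "abc.def.ghi", "token_type": "bearer", "expires_in": 3600}'
    print(parse_token_response(sample, now=0))
```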