In principle mod_sts can be configured to sit in between the two gateways and translate tokens back and forth: on the incoming request it could consume the access token that is presented by the client to the Broadcom CA API gateway and exchange it for a SAML 2.0 bearer assertion to present that to the SAP Gateway (and get another access token to access the protected resources).

However, mod_sts is an STS client that needs to communicate with an STS service to exchange a token; that STS service should be capable of issuing a SAML 2.0 token and have a trust relationship with the SAP gateway.

So the question boils down to: would you be able to set up an STS service like that, perhaps using: https://help.sap.com/docs/SAP_SINGLE_SIGN-ON/9de177aaf069402bb654ae05ffd72421/f9f32fdcc45e48babac609eb66382274.html?version=2.15
Greetings,
I have a backend SAP Gateway system that supports either SAML2.0 bearer assertion flow for OAuth2 or Authorization Code Flow for OAuth 2. This is behind the Broadcom CA API gateway, which only supports Password Grant or Client Credentials. It will do some other flows, but only in a browser-based scenario. I am trying to set up a system-to-system API so there is no browser involved, thus I cannot use those other flows with Broadcom's API gateway.
Can mod_sts help with this scenario?
SAP supported flows documentation:
https://help.sap.com/docs/ABAP_PLATFORM/e815bb97839a4d83be6c4fca48ee5777/de1b14d589fa46b383ec43fd33dace86.html
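The two-hop token translation described in the reply, as an added example that is not part of the thread or of mod_sts: it builds the form parameters for each hop and rejects an STS response that is not a SAML 2.0 token. It assumes the STS speaks OAuth 2.0 Token Exchange (RFC 8693), which the thread does not state; the function names, token values and scope are hypothetical, and client authentication to both endpoints is left out.

```python
import base64
import binascii
import json
from urllib.parse import urlencode

TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"  # RFC 8693
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"      # RFC 7522
TT_ACCESS = "urn:ietf:params:oauth:token-type:access_token"
TT_SAML2 = "urn:ietf:params:oauth:token-type:saml2"


def sts_exchange_params(access_token):
    """Hop 1: ask the STS to swap the gateway's access token for a SAML 2.0 assertion."""
    return {
        "grant_type": TOKEN_EXCHANGE,
        "subject_token": access_token,
        "subject_token_type": TT_ACCESS,
        "requested_token_type": TT_SAML2,
    }


def assertion_from_sts_response(raw_json):
    """Return the base64url-encoded assertion, refusing any other token type."""
    resp = json.loads(raw_json)
    if resp.get("issued_token_type") != TT_SAML2:
        raise ValueError("STS did not issue a SAML 2.0 assertion")
    b64 = resp["access_token"]  # RFC 8693 carries the issued token in this field
    try:
        base64.b64decode(b64 + "=" * (-len(b64) % 4), altchars=b"-_", validate=True)
    except binascii.Error:
        raise ValueError("issued token is not valid base64url")
    return b64


def saml_bearer_params(b64_assertion, scope):
    """Hop 2: present the assertion to the backend token endpoint (RFC 7522)."""
    # RFC 7522 wants the assertion base64url-encoded, the same form the STS returned.
    return {"grant_type": SAML2_BEARER, "assertion": b64_assertion, "scope": scope}


# Constructed sample: an unsigned stub standing in for a real, signed assertion.
SAMPLE_XML = b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>'
SAMPLE_STS_RESPONSE = json.dumps({
    "access_token": base64.urlsafe_b64encode(SAMPLE_XML).decode().rstrip("="),
    "issued_token_type": TT_SAML2,
    "token_type": "N_A",
})

if __name__ == "__main__":
    print(urlencode(sts_exchange_params("constructed-gateway-access-token")))
    assertion = assertion_from_sts_response(SAMPLE_STS_RESPONSE)
    print(urlencode(saml_bearer_params(assertion, "CONSTRUCTED_SCOPE")))
```

Signature and audience checks on the assertion happen at the backend token endpoint, which is why the STS needs the trust relationship mentioned in the reply.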