From ac7f0d24d13b883d34b7d87765dba604f764ab8c Mon Sep 17 00:00:00 2001 From: Martin Pankraz Date: Thu, 28 Dec 2023 14:58:49 +0100 Subject: [PATCH] Update auth note --- documentation/WHATS-NEXT.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/documentation/WHATS-NEXT.md b/documentation/WHATS-NEXT.md index a8ce515..06b7b33 100644 --- a/documentation/WHATS-NEXT.md +++ b/documentation/WHATS-NEXT.md 
@@ -12,14 +12,18 @@ This repos automatically sets up the Azure App Service health endpoint pinging y > **Warning** - Be aware that the trial instance of the [Business Partner API](https://api.sap.com/api/API_BUSINESS_PARTNER/overview) throttles easily. -## Authentication with Azure AD 🔐 +## Authentication with Microsoft Entra ID (formerly Azure AD) 🔐 -[Configure](https://learn.microsoft.com/azure/app-service/configure-authentication-provider-aad) your App Service or Azure Functions app to use Azure AD login. Use standard variable `X-MS-TOKEN-AAD-ACCESS-TOKEN` to retrieve the access token from the request header. [Learn more](https://learn.microsoft.com/azure/app-service/configure-authentication-oauth-tokens#retrieve-tokens-in-app-code) +[Configure](https://learn.microsoft.com/azure/app-service/configure-authentication-provider-aad) your Azure Function app to use Entra ID login. See the [linked Azure App Service repos](https://github.com/Azure-Samples/app-service-javascript-sap-cloud-sdk-quickstart/blob/main/documentation/AUTHENTICATION.md) for more details on how to automate the Identity Provider configuration and SAP OData API authorization. + +Use standard variable `X-MS-TOKEN-AAD-ACCESS-TOKEN` to retrieve the access token from the request header. [Learn more](https://learn.microsoft.com/azure/app-service/configure-authentication-oauth-tokens#retrieve-tokens-in-app-code) Consider SAP Principal Propagation for your authentication scenario handled by [Azure API Management](https://learn.microsoft.com/azure/api-management/sap-api#production-considerations). 
[Learn more](https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Request%20OAuth2%20access%20token%20from%20SAP%20using%20AAD%20JWT%20token.xml) +![Overview of authentication flow and trust relationship of SAP services with Azure and Entra ID](https://github.com/Azure-Samples/app-service-javascript-sap-cloud-sdk-quickstart/blob/main/assets/app-auth-principal-propagation.svg) + ## Connectivity to SAP backends and secure virtual network access 🔌 SAP backends on Azure typically run in fully isolated virtual networks. There are multiple ways to connect to them. Most popular ones are:
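Review bot: In the added line "Use standard variable `X-MS-TOKEN-AAD-ACCESS-TOKEN` to retrieve the access token from the request header", the token source is called a "variable" and a "request header" in the same sentence. Now that the sentence stands as its own paragraph, it no longer reads as depending on the Entra ID login configured in the paragraph above. Suggest wording it as "Read the access token from the `X-MS-TOKEN-AAD-ACCESS-TOKEN` request header" and saying explicitly that this applies once the identity provider configuration from the previous paragraph is in place. Two smaller points on the added lines: the image link targets a `github.com/.../blob/main/assets/app-auth-principal-propagation.svg` page URL rather than the raw file, so check that it renders wherever this document is viewed. Also, "linked Azure App Service repos" points at a single repository, so "repo" would be more accurate.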