So far so good. You have established the famous "SAP Principal Propagation". It doesn't stop there though. Often there is a desire to deal with the complexity of this authentication mechanism in one place and solve for all clients centrally. We will be employing Azure APIM for that purpose.
Didn't wear our towels during last session, but they were close. Got lucky this time.
Familiarize yourself with this blog post "AzureSAPODataReader" and the GitHub repo to learn more about the context.
- Ensure access to your APIM exposed API endpoints. Are you running externally only? Hybrid? Internet facing?
- Convert your OData $metadata to OpenAPIv3 and import into Azure APIM
- Clone the git repo AzureSAPODataReader, configure your parameters in the bash script UpdateAPIMwithVariablesForSAPPolicy.sh and execute it. The script pre-populates your APIM instance with the "Named Values" required by the policy in the next step. The approach mimics the call sequence we verified via Postman before.
- Add the SAP Principal Propagation policy to your OData API
- Build upon this Postman collection to test your setup (direct copy link here).
- Use Policy Debugger in Visual Studio Code
- Use SAP transaction/web dynpro /nsec_diag_tool and add correct SAP client number 😏
- Be able to call your SAP OData API through APIM using an Azure AD authenticated client
- Offloaded SAP Principal Propagation into APIM
Microsoft Docs for SAP OData import into APIM
Generate SDKs for any programming language using AutoREST and OpenAPI